Overview
This course teaches learners how to exploit the ChaosDB vulnerability in Azure Cosmos DB, allowing full admin access to thousands of databases. The skills taught include network reconnaissance, decoding certificates, and exploiting vulnerabilities in Azure services. The teaching method involves practical demonstrations and a step-by-step guide to executing the exploit. The intended audience for this course includes cybersecurity professionals, ethical hackers, and individuals interested in cloud security.
Syllabus
Intro
Wiz Research Team
Motivation
Research Mindset
Bug #1 - Jupyter Notebook LPE
Bug #2 - Unrestricted Network Access
Network Recon - IMDS
Network Recon - WireServer
WireServer 101 - Goal State
WireServer 101 - Extension Configuration
WireServer 101 - Certificate Endpoint
Decoding CertificatesBondPackage
Recon - Cluster Endpoint - Manifest
Listing Running Applications in Cluster
Recap - The Full Exploit
Disclosure Timeline
Account Service Takeover
Taught by
Black Hat