Jake Karnes
Jake has a B.S. in Computer Science from San Jose State University, and holds the GIAC Certified Incident Handler and Certified Ethical Hacker certifications. He specializes in web application penetration testing. Jake also contributes to the development of applications and tools for the NetSPI penetration testing team.
March 30th, 2020
Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
TL;DR If you’re a local admin on an Azure VM, run the Get-AzureVMExtensionSettings script from MicroBurst to decrypt VM extension settings and potentially view sensitive parameters, storage account keys and local Administrator username and password. Overview The Azure infrastructure needs a mechanism to communicate with and control virtual machines. All Azure Marketplace images have the […]
February 13th, 2020
Attacking Azure with Custom Script Extensions
PowerShell and Bash scripts are excellent tools for automating simple or repetitive tasks. Azure values this and provides several mechanisms for remotely running scripts and commands in virtual machines (VMs). While there are many practical, safe uses of these Azure features, they can also be used maliciously. In this post we’ll explore how the Custom […]