Sep 30, 2021

AZ-500T00-A - Microsoft Azure Security Technologies (D4)

Module 4 : Manage Security Operations

  1. Azure Monitor
  2. Azure Security Center
  3. Azure Sentinel
  4. Hands-on Labs
    • Lab 13 : Azure Monitor
    • Lab 14 : Azure Security Center
    • Lab 15 : Azure Sentinel

Sep 29, 2021

AZ-500T00-A - Microsoft Azure Security Technologies (D3)

Module 3 : Secure Data and Application

  1. Azure Key Vault
  2. Application Security
  3. Storage Security
  4. Database Security
  5. Hands-on Labs
    • Lab 10 : Key Vault (Implementing Secure Data by setting up Always Encrypted)
    • Lab 11 : Securing Azure SQL Database
    • Lab 12 : Service Endpoints and Securing Storage

Sep 28, 2021

AZ-500T00-A - Microsoft Azure Security Technologies (D2)

Module 2 : Implement Platform Protection

  1. Perimeter Security
  2. Network Security
  3. Host Security
  4. Container Security
  5. Hands-on Labs
    • Lab 07 : Network Security Groups and Application Security Groups
    • Lab 08 : Azure Firewall
    • Lab 09 : Configuring and Securing ACR and AKS

Sep 27, 2021

AZ-500T00-A - Microsoft Azure Security Technologies (D1)

Module 1 : Manage Identity

  1. Azure Active Directory
  2. Hybrid Identity
  3. Azure AD Identity Protection
  4. Azure AD Privileged Identity Management
  5. Enterprise Governance 
  6. Hands-on Labs
    • Lab 01 : Role-based Access Control
    • Lab 02 : Azure Policy
    • Lab 03 : Resource Manager Locks
    • Lab 04 : MFA, Conditional Access and AAD Identity Protection
    • Lab 05 : Azure AD Privileged Identity Management
    • Lab 06 : Implement Directory Synchronization

Sep 17, 2021

OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649)

On Sept. 14, 2021, Microsoft’s Security Response Center (MSRC) released security patches and details for four (4) critical vulnerabilities affecting the Microsoft Azure package Open Management Infrastructure (OMI).

The open-source OMI package is designed to provide a portable infrastructure backbone for web-based management tools, such as diagnostic monitoring, log analytic services and automation functionality within UNIX and Linux systems. OMI is used by Microsoft Azure to manage UNIX packages within Azure virtual machines (VMs), containers and serverless cloud instances. 

According to Microsoft’s security release notes, any system created, or which has updated its OMI package, after Aug. 11, 2021, should automatically be patched.

  1. CVE-2021-38645 – Privilege Escalation vulnerability (Severity: 7.8)
  2. CVE-2021-38647 – Unauthenticated RCE as root (Severity: 9.8)
  3. CVE-2021-38648 – Privilege Escalation vulnerability (Severity: 7.8)
  4. CVE-2021-38649 – Privilege Escalation vulnerability (Severity: 7.0)

The OMI security vulnerabilities cut across multiple Azure services, including but not limited to:

  • Azure Automation
  • Azure Automatic Update
  • Azure Operations Management Suite (OMS)
  • Azure Log Analytics
  • Azure Configuration Management
  • Azure Diagnostics

Microsoft uses OMI in these Azure services, and its agent runs with root privileges. Any user can communicate with it over a UNIX socket, or via an HTTP API when it is configured to allow external access. External users with low privileges can simply execute code remotely on a targeted machine.

The OMI agent listens on TCP port 5985. All OMI versions below v1.6.8-1 are vulnerable. For manual remediation, get the v1.6.8-1 update from the OMI GitHub repository.
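
A host check for the two facts given above (vulnerable below v1.6.8-1, agent on TCP port 5985), as an added example that is not part of the original post or of Microsoft's tooling. It assumes the package is registered as `omi` with dpkg or rpm and that `ss` is available; the script name in the last comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Linux host for the OMI
# exposure described above. FIXED and OMI_PORT are the values the post gives.
FIXED="1.6.8-1"
OMI_PORT=5985

# "v1.6.8-1" / "1.6.8.1" -> "1.6.8.1" so both package formats compare alike.
norm() { printf '%s\n' "$1" | sed -e 's/^[vV]//' -e 's/-/./g'; }

# omi_is_vulnerable VERSION: succeeds (exit 0) when VERSION is older than FIXED.
omi_is_vulnerable() {
    a=$(norm "$1"); b=$(norm "$FIXED")
    [ "$a" = "$b" ] && return 1
    lowest=$(printf '%s\n%s\n' "$a" "$b" |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
    [ "$lowest" = "$a" ]
}

# exposed_listeners: reads `ss -ltn` output on stdin and prints sockets on
# OMI_PORT that are bound to a non-loopback address.
exposed_listeners() {
    awk -v p="$OMI_PORT" '$1 == "LISTEN" {
        n = split($4, part, ":"); addr = $4; sub(/:[0-9]+$/, "", addr)
        if (part[n] == p && addr !~ /^(127\.|\[::1\])/) print $4
    }'
}

# Assumption: the package is registered as "omi" with dpkg or rpm.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' omi 2>/dev/null && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null && return 0
    fi
    return 1
}

audit_host() {
    ver=$(installed_omi_version) || { echo "omi package not found"; return 0; }
    if omi_is_vulnerable "$ver"; then echo "VULNERABLE: omi $ver is older than $FIXED"
    else echo "ok: omi $ver"; fi
    command -v ss >/dev/null 2>&1 || return 0
    ss -ltn | exposed_listeners | sed 's/^/listener reachable off-host: /'
}

# Run the audit only when asked, e.g. `sh omi_audit.sh audit`.
case "${1:-}" in audit) audit_host ;; esac
```

A listener line in the output means the port should be closed or filtered at the network security group in addition to upgrading the package.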

Sep 14, 2021

The 2021 OWASP Top 10 Have Evolved

The OWASP Top 10 is an awareness document that highlights the top 10 most critical web application security risks. The risks are ranked by frequency, severity, and magnitude of impact.

OWASP has maintained this list since 2003, and every few years, they update the list based on advancements in both application development and application security. 

The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on securing web applications during the ever-evolving development process.

So, what's changed?

OWASP released their new OWASP Top 10 for 2021. Check out the changes below:


OWASP Top 10: 2017 Vs 2021

 

Examples of the new changes include:

  • The introduction of insecure design 
  • Broadened focus of injections
  • Vulnerable and outdated components replace “using components with known vulnerabilities”

 

Links:

  • https://www.rapid7.com/blog/post/2021/09/30/the-2021-owasp-top-10-have-evolved-heres-what-you-should-know/



Sep 13, 2021

Control Facebook Video Playing Speed

Today I learned a simple way to increase the playback speed of Facebook videos. The steps below are the same for the Firefox, Chrome and Edge browsers.


Steps:

  1. Open the console [press Ctrl-Shift-I and then click the Console tab]
    • Or you can press Ctrl-Shift-J to open the Console tab directly
  2. Paste the following at the prompt:
    • document.getElementsByTagName("video")[0].playbackRate = 1.25

Instead of 1.25, you can use a value such as 1.5 (for a 50% speed increase) or 2 (for a 100% speed increase).

Links:

  • https://pletaura.com/how-to-speed-up-facebook-videos/

Sep 7, 2021

Easter Egg in Modern Browsers

Google Chrome:   chrome://dino


Microsoft Edge: edge://surf