Test Yourself: The Prelude

Some tips, tricks and tools to help you get started testing your own infrastructure. This is the start, where I'll just lay out some basic principles of security that we need to keep in mind moving forward.

Cloud infrastructure is by nature complex, and it’s constantly changing (at least the names, looking at you Defender 365 XDR). At least, it seems that way. Truth is, security in itself hasn’t evolved a lot. Basic security, according to the Microsoft Digital Defense Report from 2023, can help us protect... [Read More]
Tags: Cyber Security, Entra ID, Security Monitoring, Azure, Microsoft 365

Authenticate to Azure DevOps using Managed Identity and REST API

How to add a managed identity to Azure DevOps and get access tokens for Azure DevOps

This one is very short and sweet - how to authenticate to Azure DevOps using a Managed Identity. This can be done from a virtual machine, Azure Function, or any other Azure service that supports Managed Identities. Usually when we authenticate to Azure DevOps we are stuck using a Personal... [Read More]
Tags: Entra ID, Azure, Managed Identity, Identity and Access Management, Cloud Security, Azure DevOps

Tools You Should Know: ScubaGear

Developed by CISA, ScubaGear is an assessment tool that verifies a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents.

Welcome to the first post in the series “Tools You Should Know”. In this series, I’ll go over some of the tools and services that I’ve found useful in the past. The focus will be on Microsoft 365 and Azure, but I might look to expand with other cloud providers... [Read More]
Tags: Cyber Security, Entra ID, Security Monitoring, Azure, Microsoft 365, ScubaGear

Automating Security Monitoring - Part 2: Automation

A look at automating alerts and incident-handling.

Let’s get straight to the point; security monitoring is the process of consuming data, analyzing it and detecting malicious activity, then handling that malicious activity. There are more factors at play that will influence some of your decisions: [Read More]
Tags: Microsoft Sentinel, Automation, SOAR, Security Monitoring, Security Automation Orchestration and Response