Leveraging Azure Resource Graph for Good and for Evil
2022-07-25 , Room 1

Azure Resource Graph (ARG) is a little known service that you interact with daily if you work with Azure. It powers the Azure Portal search bar giving it God-level visibility across your assets. ARG Explorer is a sub-service that empowers you to carry out in-depth resource exploration across subscriptions with limited permissions. This makes it a double-edged sword and an extremely powerful tool for attackers in the Discovery phase. Resource Graph Explorer is faster, more efficient and less noisy than Azure CLI, PowerShell and various Azure pen testing tools. In this session, you'll learn how to leverage Azure Resource Graph Explorer to enhance your organization's attack surface visibility, operations and security posture as well as how to quickly identify vulnerable and critical assets AKA attractive targets. You will also learn a bit of Kusto Query Language (KQL) Kung FU!

Product Detection Engineer @ Datadog. Formerly medical device security and cloud security consulting for a couple of Fortune 500s. I enjoy reading, working out, spending time with family and attending security conferences.