Aled Mehta
Aled is an experienced security professional focusing primarily on cloud security research, having worked with Microsoft Cloud services for 9+ years. Since establishing Dolphin Labs in 2024, his primary focuses have been exploring nuanced and novel security issues in Microsoft cloud services, developing security tooling, and sharing knowledge and learnings with the wider security community.
Session
Cloud Security Practitioners are typically familiar in the publicly documented APIs provided by cloud services, understanding their core potential for both defensive and offensive security strategies. Despite this familiarity, the nuanced implementation of these APIs often introduces significant security challenges.
Yet, these challenges extend beyond these documented interfaces. What about the APIs that remain undocumented? As organizations enhance their security operations, Microsoft improves detective and logging capabilities, and as third-party tools simplify implementation and adoption, adversaries increasingly seek out less protected or monitored attack vectors.
These vectors often include legacy and undocumented APIs, which, due to their obscurity, are less likely to be monitored or restricted appropriately.
This talk aims to shed light on some of these lesser-known APIs within Azure and Entra, exploring their potential for exploitation and, crucially, the measures Cloud Security Practitioners can take to mitigate these risks. In some instances, coverage gaps exist at the platform level, offering limited recourse for defenders.
Through the documentation of these APIs' functionality, detectability, and impact, we aim to provide the Cloud Security community with the knowledge to close some of these gaps, enabling more secure and resilient cloud environments.