Behind the Curtain: Unmasking the Hidden APIs of Azure and Entra
2024-06-17, Breakout 1

Cloud Security Practitioners are typically familiar with the publicly documented APIs provided by cloud services, understanding their core potential for both defensive and offensive security strategies. Despite this familiarity, the nuanced implementation of these APIs often introduces significant security challenges.

Yet these challenges extend beyond the documented interfaces. What about the APIs that remain undocumented? As organizations enhance their security operations, as Microsoft improves detective and logging capabilities, and as third-party tools simplify implementation and adoption, adversaries increasingly seek out less protected or monitored attack vectors.

These vectors often include legacy and undocumented APIs, which, due to their obscurity, are less likely to be monitored or restricted appropriately.

This talk aims to shed light on some of these lesser-known APIs within Azure and Entra, exploring their potential for exploitation and, crucially, the measures Cloud Security Practitioners can take to mitigate these risks. In some instances, coverage gaps exist at the platform level, offering limited recourse for defenders.

Through the documentation of these APIs' functionality, detectability, and impact, we aim to provide the Cloud Security community with the knowledge to close some of these gaps, enabling more secure and resilient cloud environments.

Aled is an experienced security professional focusing primarily on cloud security research, having worked with Microsoft Cloud services for 9+ years. Since establishing Dolphin Labs in 2024, his primary focuses have been exploring nuanced and novel security issues in Microsoft cloud services, developing security tooling, and sharing knowledge and learnings with the wider security community.