Ausnahme gefangen: SSL certificate problem: certificate is not yet valid ๐Ÿ“Œ BlobHunter - Find Exposed Data In Azure With This Public Blob Scanner
Team IT Security Nachrichtenportal Logo

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security
RSS Feed Symbol fรผr Team IT Security 800+ IT News als RSS Feed abonnieren



๐Ÿ“š BlobHunter - Find Exposed Data In Azure With This Public Blob Scanner


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: feedproxy.google.com


An opensource tool for scanning Azure blob storage accounts for publicly opened blobs.
BlobHunter is a part of "Hunting Azure Blobs Exposes Millions of Sensitive Files" research:
https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files


Overview

BlobHunter helps you identify Azure blob storage containers which store files that are publicly available to anyone with an internet connection.
The tool will help mitigate risk by identifying poorly configured containers that store sensitive data, which is specifically helpful in larger scale Azure subscriptions where there are a significant number of storage accounts that could be hard to track.
BlobHunter produces an informative csv result file that provides important details on each publicly opened container in the scanned environment.


Requirements

  1. Python 3.5+

  2. Azure CLI

  3. requirements.txt packages

  4. Azure user with one of the following built-in roles:

    Or any Azure user with a role that allows to perform the following Azure actions:

    Microsoft.Resources/subscriptions/read
    Microsoft.Resources/subscriptions/resourceGroups/read
    Microsoft.Storage/storageAccounts/read
    Microsoft.Storage/storageAccounts/listkeys/action
    Microsoft.Storage/storageAccounts/blobServices/containers/read
    Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read

Build

Example for installation on Ubuntu:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
pip3 install -r requirements.txt

Usage

Simply run

python3 BlobHunter.py

If you are not logged in in the Azure CLI, a browser window will be prompted at you for inserting your Azure user credentials.


References

For any question or feedback, please contact Daniel Niv, Asaf Hecht and CyberArk Labs.



...



Sharing is caring on Social Media

๐Ÿ”— Reddit
๐Ÿ”— Telegram
๐Ÿ”— LinkedIn
๐Ÿ”— Xing
๐Ÿ”— Twitter
๐Ÿ”— Whatsapp
๐Ÿ”— Facebook
๐Ÿ”— Flipboard

Join the Team IT Security Community

๐Ÿ”— "IT Sicherheit" Reddit-Gruppe
๐Ÿ”— "IT Sicherheit" Telegramm-Seite

๐Ÿ“Œ CVE-2019-2231 | Google Android 9.0/10.0 blob.cpp Blob::Blob input validation


๐Ÿ“ˆ 50.47 Punkte

๐Ÿ“Œ Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files


๐Ÿ“ˆ 48.61 Punkte

๐Ÿ“Œ Load data from Azure Blob storage into Azure SQL | Data Exposed


๐Ÿ“ˆ 44.33 Punkte

๐Ÿ“Œ Load data from Azure Blob storage into Azure SQL | Data Exposed


๐Ÿ“ˆ 44.33 Punkte

๐Ÿ“Œ CVE-2016-1899 | CGit up to 0.11 ui-blob blob/cgit.c mimetype crlf injection (FEDORA-2016-215b507409 / BID-80033)


๐Ÿ“ˆ 33.65 Punkte

๐Ÿ“Œ CGit bis 0.11 ui-blob Handler blob/cgit.c mimetype Cross Site Scripting


๐Ÿ“ˆ 33.65 Punkte

๐Ÿ“Œ CGit bis 0.11 ui-blob Handler blob/cgit.c mimetype Cross Site Scripting


๐Ÿ“ˆ 33.65 Punkte

๐Ÿ“Œ Exposed Blob Storage in Azure, (Thu, Nov 12th)


๐Ÿ“ˆ 31.21 Punkte

๐Ÿ“Œ Preventing Exposed Azure Blob Storage, (Thu, Nov 12th)


๐Ÿ“ˆ 31.21 Punkte

๐Ÿ“Œ Cayman Islands Bank Records Exposed in Open Azure Blob


๐Ÿ“ˆ 31.21 Punkte

๐Ÿ“Œ Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers


๐Ÿ“ˆ 31.21 Punkte

๐Ÿ“Œ SQL Insider Series: Exporting Azure SQL DB BACPAC file to Azure with Azure Automation | Data Exposed


๐Ÿ“ˆ 30.56 Punkte

๐Ÿ“Œ Azure SQL VM: Azure Backup & restore for SQL Server on Azure Virtual Machines - Ep10 | Data Exposed


๐Ÿ“ˆ 30.56 Punkte

๐Ÿ“Œ Generally available: Azure Blob Storage Cold Tier in Poland Central, Qatar Central and Azure China


๐Ÿ“ˆ 29.64 Punkte

๐Ÿ“Œ Data Exposed | Docs on Azure SQL Database Machine Learning Services | Data Exposed


๐Ÿ“ˆ 29.08 Punkte

๐Ÿ“Œ Mark Russinovich on future of Azure and databases | Data Exposed | Data Exposed


๐Ÿ“ˆ 29.08 Punkte

๐Ÿ“Œ SQL Server Licensing: High Availability / Disaster Recovery Azure VM | Data Exposed | Data Exposed


๐Ÿ“ˆ 29.08 Punkte

๐Ÿ“Œ What is Azure Arc Enabled PostgreSQL Hyperscale? | Data Exposed | Data Exposed


๐Ÿ“ˆ 29.08 Punkte

๐Ÿ“Œ What is Azure Arc Enabled SQL Managed Instance | Data Exposed | Data Exposed


๐Ÿ“ˆ 29.08 Punkte

๐Ÿ“Œ How to connect to Azure SQL Database from Azure Data Studio | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ How to Deploy Azure SQL Anywhere โ€“ Using Azure Arc for Data Services | Data Exposed: MVP Edition


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ Get Started with Azure Data Explorer using Apache Spark for Azure Synapse Analytics | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ Azure SQL Security: The What, Why & How of Securing your Data with Azure SQL (Ep. 6) | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ How to migrate SQL Server to Azure SQL Database offline using Azure Data Studio | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ How to connect to Azure SQL Database from Azure Data Studio | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ How to Deploy Azure SQL Anywhere โ€“ Using Azure Arc for Data Services | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ Get Started with Accessing Azure Data Explorer using Apache Spark for Azure Synapse Analytics | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ Migrating to SQL: Get Started with Azure SQL Readiness Assessments and Migrations from Azure Data Studio (Ep. 6) | Data Exposed


๐Ÿ“ˆ 27.5 Punkte

๐Ÿ“Œ How to reserve a public IP range in Azure using Public IP Prefix | Azure Friday


๐Ÿ“ˆ 26.63 Punkte

๐Ÿ“Œ Learn Live - Access data from Azure Blob Storage by using multiple protocols


๐Ÿ“ˆ 26.58 Punkte

๐Ÿ“Œ Azure Blob Storage enhancing data protection and recovery capabilities


๐Ÿ“ˆ 26.58 Punkte

๐Ÿ“Œ Big Data Cluster High Availability | Data Exposed | Data Exposed


๐Ÿ“ˆ 26.02 Punkte

๐Ÿ“Œ Spark in Big Data Clusters | Data Exposed | Data Exposed


๐Ÿ“ˆ 26.02 Punkte

๐Ÿ“Œ SQL Server Licensing: Big Data Clusters | Data Exposed | Data Exposed


๐Ÿ“ˆ 26.02 Punkte

๐Ÿ“Œ How to Shut Off Public Connectivity to Azure SQL Database | Data Exposed


๐Ÿ“ˆ 24.65 Punkte











matomo

Kontakt

24/7 kontakt@tsecurity.de

Weitere Informationen

Google Android Playstore Download Button fรผr Team IT Security
๐Ÿ”— Impressum
๐Ÿ”— Datenschutz
Paypal Spenden fรผr Projekt

Social Media

๐Ÿ”— Facebook
๐Ÿ”— Reddit
๐Ÿ”— Team IT Security als Elektron App
๐Ÿ”— © 2015-2023 Team IT Security Nachrichtenportal รผber Cybersecurity
๐Ÿ”— CMS "myDraft" a PHP Portal Software