Amsterdam, 4 August 2022
Secura speaks at DEF CON 2022: Presenting the Azure Cloud Hacking Tool
Roy Stultiens, a security expert at Secura, and Siebren Kraak, an IT & Cybersecurity student at Fontys Hogeschool, who did his graduation internship with Secura, developed a hacking tool for Azure Cloud security experts to help them learn about the potential security risks that occur when configurations are set up incorrectly. There are plenty of cloud security training tools out there, however, it was hard to find a proper one for Microsoft Azure Cloud. The tool is live now at BrokenAzure.Cloud and has been added to the portfolio of Secura’s BrokenbyDesign line of ‘hackable’ apps for enthusiasts to exploit and learn from. Essentially it is a Capture The Flag tool, where the hacker will have to find the flags hidden in the tool. Hints can be given if the hacker requires them to get through.
As organizations move their networks from physical environments towards cloud environments such as those from Amazon and Microsoft, it increases the amount of risks and challenges. Setting up in the cloud might be more scalable and easier, but it requires other knowledge and expertise than setting up physical networks. Wrong configurations can lead to many security risks.
“We are very proud of Siebren, the work he’s put into this important tool, and of course the fact that he’s been invited to speak at DEF CON, the biggest hacker conference in the world.” says Ralph Moonen, CTO at Secura. “We hope to continue to develop the tool in the future and that more people can learn from it.”
Ricardo Sanchez, a Senior Security Specialist, and Cloud Security Team Lead at Secura, has also been invited to speak at DEF CON this year at the Cloud Village on how to perform cloud security assessments and how to find common cloud misconfiguration.
Secura is an independent cybersecurity expert, providing insights to protect valuable assets and data. We make cybersecurity tangible and measurable in the field of IT, OT, and IoT. With security advice, testing, training, and certification services, Secura approaches cybersecurity holistically and covers all aspects from people, policies, and organizational processes to networks, systems, applications, and data. Since 2021, Secura is part of the Bureau Veritas Group.