
How Azure Security Center detects vulnerabilities using administrative tools

Earlier this year, Rob Mead wrote a great article on the techniques used at scale by Azure Security Center to detect threats (https://azure.microsoft.com/en-us/blog/how-azure-security-center-automates-the-detection-of-cyber-attack/). In this post, we’ll go into the details of one such example: enabling Azure Security Center to detect backdoor user account creation.

Backdoor user accounts are accounts created by an adversary during an attack, to be used later to gain access to other resources in the network, to open new entry points into the network, and to achieve persistence. MITRE lists the create account technique (T1136, https://attack.mitre.org/wiki/Technique/T1136) as part of the credential access stage of an attack and lists several toolkits that use this technique.

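As an added, simplified illustration of the kind of signal a defender can build from the events such account creation leaves behind (this is example code written for this post, not Azure Security Center's detection logic; the event records are constructed, and the 15-minute window, business-hours range and scoring are example heuristics), here is a small correlation over Windows Security events: an account created (event 4720) and then added to a privileged group (4728/4732) shortly afterwards is flagged, with a higher score when the group is an administrators group or the creation happened off-hours.

```python
"""Correlating account-creation events to surface likely backdoor accounts.

Added example for this post; it is not Azure Security Center's detection
logic. It uses the standard Windows Security event IDs 4720 (a user account
was created), 4732 (a member was added to a security-enabled local group)
and 4728 (a member was added to a security-enabled global group). All
sample events below are constructed.
"""
from datetime import datetime

ACCOUNT_CREATED = 4720
GROUP_MEMBER_ADDED = {4728, 4732}

# Groups whose membership gives the new account broad or remote access.
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Remote Desktop Users"}
ADMIN_GROUPS = {"Administrators", "Domain Admins"}

# Constructed sample records, shaped like parsed Security log entries.
SAMPLE_EVENTS = [
    # Off-hours creation immediately followed by local admin membership.
    {"time": "2018-06-01T02:13:05", "id": 4720, "host": "web01",
     "subject": "CONTOSO\\svc-backup", "target": "support"},
    {"time": "2018-06-01T02:13:07", "id": 4732, "host": "web01",
     "subject": "CONTOSO\\svc-backup", "target": "support",
     "group": "Administrators"},
    # Routine help-desk onboarding: created during business hours,
    # group change happens the next day.
    {"time": "2018-06-01T09:40:00", "id": 4720, "host": "web01",
     "subject": "CONTOSO\\helpdesk1", "target": "jsmith"},
    {"time": "2018-06-02T09:41:00", "id": 4732, "host": "web01",
     "subject": "CONTOSO\\helpdesk1", "target": "jsmith",
     "group": "Remote Desktop Users"},
    # Account created but never granted a privileged group: no alert.
    {"time": "2018-06-01T11:00:00", "id": 4720, "host": "db01",
     "subject": "CONTOSO\\helpdesk1", "target": "reports"},
]


def _ts(event):
    """Parse the ISO-8601 timestamp of a record."""
    return datetime.fromisoformat(event["time"])


def _is_off_hours(ts, start=7, end=19):
    """True outside a naive 07:00-19:00 business window (example heuristic)."""
    return ts.hour < start or ts.hour >= end


def find_suspicious_account_creations(events, window_seconds=900):
    """Return one alert per account that was created and then added to a
    privileged group on the same host within `window_seconds`.

    Each alert carries a small score: 1 for the create-then-elevate pattern,
    +1 if the group is an administrators group, +1 if the creation happened
    off-hours. A real detection would add further signals (the creating
    process, the subject's logon type, later use of the account)."""
    created = {}   # (host, account) -> creation event
    alerts = []
    for ev in sorted(events, key=_ts):
        key = (ev["host"], ev["target"])
        if ev["id"] == ACCOUNT_CREATED:
            created[key] = ev
            continue
        if ev["id"] in GROUP_MEMBER_ADDED and key in created:
            creation = created[key]
            elapsed = (_ts(ev) - _ts(creation)).total_seconds()
            if elapsed > window_seconds:
                continue
            if ev.get("group") not in PRIVILEGED_GROUPS:
                continue
            score = 1
            if ev["group"] in ADMIN_GROUPS:
                score += 1
            if _is_off_hours(_ts(creation)):
                score += 1
            alerts.append({
                "host": ev["host"],
                "account": ev["target"],
                "created_by": creation["subject"],
                "group": ev["group"],
                "seconds_to_elevation": int(elapsed),
                "score": score,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_account_creations(SAMPLE_EVENTS):
        print(alert)
```

With the sample data only the "support" account is flagged (score 3: create-then-elevate, Administrators, 02:13 creation); widening the window would also surface the help-desk onboarding at the lowest score, which is the usual trade-off between catching slow-moving adversaries and drowning in routine administration.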
Read about it in the Azure blog: https://azure.microsoft.com/en-us/blog/how-azure-security-center-detects-vulnerabilities-using-administrative-tools/