Detecting Azure Hybrid Machine Attack Paths with Graph Theory
Today’s on-premises and cloud environments are ever-growing and becoming increasingly complex. Attackers know this and can and will exploit this fact, pivoting from network to network. Identity and access management is more critical than ever with hybrid cloud environments. Proper privileges must be assigned according to least privilege principles; if they are not, this is where the problem starts. Attack path mapping and graph databases offer a solution that can highlight potential paths to compromise.
Through simple Cypher queries, defenders can observe the potential risks within their environments and mitigate them as needed. This research extends the data collected by the security tool BloodHound to uncover hidden connections between on-premises devices and their cloud identities within an Azure environment. The research offers insights into how organizations can utilize standard tools to add context to their attack maps.
SANS_Detecting_Azure_Hybrid_Machine_Attack_Paths_Graph_Theory (PDF, 0.90MB)
7 Jan 2025Related Content
Cloud Security Groundhog Day: Avoiding Recurring Mistakes in a Dynamic Landscape
Research PaperDownload the SANS ebook and learn how to strengthen your cloud and AI security strategies.
- 16 Oct 2025
- Dr. Anton Chuvakin, Dr. Paul Vixie, Frank Kim, Simon Vernon, Brandon Evans, Dave Shackleford, Wesley Kuzma
ZTA Unpacked: The Critical Technical Components of Zero Trust Architecture
Research PaperThis paper demystifies the technical foundation of Zero Trust Architecture (ZTA) and outlines the key technologies that drive modern, mature implementations.
- 15 Aug 2025
- Greg Scheidel
Navigating the Challenges of Securing Hybrid Environments
Research PaperThis paper explores ways to bring clarity and control back to your hybrid security strategy—with practical guidance on Zero Trust, unified monitoring, and the evolving role of AI in modern defense.
- 24 Jul 2025
- Matt Bromiley
Securing Azure with PIM: A Just-in-Time Access Study
Research PaperThis study assesses Azure Privileged Identity Management (PIM) and its Just-in-Time access model within a controlled Azure environment, simulating enterprise scenarios across Azure Subscription Roles.
- 11 Jul 2025
Resiliency and Business Continuity in the Cloud Era
Research PaperIn this white paper, Dave Shackleford unpacks today’s evolving cloud threat landscape.
- 21 May 2025
- Dave Shackleford
Out-of-Band Defense: Securing VPNs from Password-Spray Attacks with Cloud Automation
Research PaperThis research examines an out-of-band solution to detect and block password-spray attacks on Remote Access VPN services, addressing vulnerabilities like Cisco’s CVE-2024-20481 amid rising threats post-COVID-19.
- 12 May 2025
- SANS Institute
Securing the Future with Microsoft Defender for Cloud: Best Practices and Insights
Research PaperIn this paper, you’ll learn how to enhance your cloud security posture through actionable insights and use cases involving Microsoft Defender for Cloud.
- 26 Mar 2025
- Dave Shackleford
The Flavor of Clouds: Are Some Cloud Platforms More Attractive to Attackers?
Research PaperSignificant financial loss and sensitive data exposure continue to be a significant risk for entities that host systems in the cloud.
- 17 Feb 2025
Cloud Security Monitoring on AWS
Research PaperCloud services adoption is growing massively year over year. In most cases, moving to the cloud...
- 8 Feb 2021
Firebase: Google Cloud's Evil Twin
Research PaperFirebase allows a frontend application to connect directly to a backend database. Security wonks...
- 8 Oct 2020
- Brandon Evans
Compliance Benchmarks using Cloud Custodian
Research PaperWith the increased cloud adaption rate, many companies are looking for ready to use product...
- 25 Sep 2020
Top 5 Considerations for Multicloud Security
Research PaperThe move to leveraging multiple public cloud providers introduces new challenges and opportunities...
- 15 Apr 2020
- Brandon Evans
Cybersecurity in the Age of the Cloud
Research PaperThe hand-selected resources in this eBook provide a well-rounded look at cybersecurity...
- 21 Feb 2020
- Frank Kim
Secure Internet Gateways: Backing Down from a Fight
Research PaperWhen does a security agent become a double agent? On-premise corporate devices are protected by a...
- 2 Nov 2018
Intrusion detection through traffic analysis from the endpoint using Splunk Stream
Research PaperWith technologies such as software-defined wide area networking (SD-WAN) and cloud operations, the...
- 24 May 2017
Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017
Research PaperAttackers are always changing their methods, but some cybersecurity trends are clear--and...
- 20 Mar 2017
- John Pescatore
Moving Legacy Software and FOSS to the Cloud, Securely
Research PaperAs more organizations consider the benefits of cloud adoption and use of legacy or freeand open...
- 28 Dec 2015
An Introduction To Securing a Cloud Environment
Research PaperWhile Cloud services offer flexibility, scalability and economies of scale, there have...
- 27 Nov 2012
Cloud Computing - Maze in the Haze
Research PaperWhen Amazon announced its EC2 environment in August 2006, one might not have imagined the change in...
- 18 Oct 2011
Following Incidents into the Cloud
Research PaperThe increased level of complexity which cloud computing has introduced to incident handling is not...
- 1 Mar 2011