tom-rutt.com

Cloud Security Projects

Insecure Azure Lab

I had lots of fun with this one. I built a contained Azure lab that was intentionally insecure, simulated both attack and defence techniques, and wrote up a pen-testing report. The following is some of what I learnt.


What I Did:

🔵 Built a "secure" Azure environment using Terraform (Infrastructure-as-Code)

🔵 Enumerated Azure AD and Resource permissions via API tokens

🔵 Identified privilege escalation paths (Contributor role access)

🔵 Validated findings using ethical red-team techniques

🔵 Cleaned up all resources and produced a professional-style pentest report

Key Takeaways:

🔴 Understanding how IAM roles, RBAC, and Managed Identities can be exploited (and protected) in Azure environments

🔴 Learning the balance between offense and defense in cloud security

🔴 Gaining confidence with Terraform, Azure CLI, and real attack simulation methodology

Feel free to have a go yourself:
https://lnkd.in/gk_NHujr

Copyright © 2026 tom-rutt.com - All Rights Reserved.
