May the Least Privilege Be With You

Marios Gyftos, Nikos Vourdas

Cloud Village @ DEF CON 33 · Day 1 · Cloud Village

In the evolving landscape of cloud security, organizations are increasingly aware of the need to secure user identities. However, a significant blind spot often remains: the security posture of **service principals** and **enterprise applications** within cloud environments like Microsoft Azure. This talk, "May the Least Privilege Be With You," delivered by Marios Gyftos and Nikos Vourdas at Cloud Village, meticulously dissects the dangers posed by excessive privileges assigned to these non-user entities. The speakers present a compelling case for why these overlooked components represent a critical attack surface, demonstrating how they can be abused in real-world scenarios to achieve high-impact compromises, from full Azure subscription access to sensitive data exfiltration and code execution.

AI review

Competent, practitioner-level cloud offensive research covering Azure service principal abuse with four concrete attack chains and a supporting enumeration tool. The content is solid and engagement-tested, but it's largely a synthesis and extension of existing SpecterOps/Mandiant/Secureworks work rather than a foundational new contribution — the DevOps orphaned-org pivot and the Intune LOB deployment angle are the freshest pieces here.
