Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show-Achia Rosenfeld & Kobi Rubin
Achia Rosenfeld, Kobi Rubin
fwd:cloudsec North America 2026 · Day 1
In this fwd:cloudsec presentation, "Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show," Achia Rosenfeld and Kobi Rubin from Act Security peel back the layers of Azure's often opaque networking behaviors. They illuminate how Azure's "easy-to-use" design frequently obscures critical routing decisions, leading to implicit traffic paths that bypass security controls and defy conventional network diagrams. The talk serves as a crucial wake-up call for organizations operating complex Azure environments, demonstrating how subtle, undocumented defaults can introduce significant security vulnerabilities.
AI review
Competent, practitioner-focused research on two real Azure networking footguns — Service Endpoint route injection and VPN Gateway asymmetric routing — that will genuinely help cloud engineers who haven't hit these issues yet. The findings are valid and the methodology is sound, but neither scenario is novel to anyone who's spent real time debugging Azure effective routes, and the talk doesn't push into territory that would surprise an experienced Azure network security practitioner.