So maybe I'm mis-understanding the global admin role, but it seems I can add entitlements to any resource I want by default which seems very different in AWS where the management/payer account (which seems to be the equivalent of global admin) does not have access to certain OUs or keys for example. Only the root owner or creator of that resource would. What am I missing?
![[Unikernel Application Spotlight] Gazette](http://i.ytimg.com/vi/Ri_Q9j8Szmo/mqdefault.jpg)
![[Unikernel Application Spotlight] Gazette](/img/tr.png)
This was great Beau. More Azure attacks using BloodHound or other tools would be amazing. Thanks
Another great vid. really good stuff.
but how do i know which services will give privilege escalation?? can you provide any resources to learn privilege escalations in cloud??
Hey Beau. When are you posting next? No pressure, but I always look forward to your videos 😊
More like this! Good stuff!
So maybe I'm mis-understanding the global admin role, but it seems I can add entitlements to any resource I want by default which seems very different in AWS where the management/payer account (which seems to be the equivalent of global admin) does not have access to certain OUs or keys for example. Only the root owner or creator of that resource would. What am I missing?
What are you missing? You’re comparing Azure and AWS… they’re different and have different policies under the hood…?
If someone hacked me doing this, how would I go about securing my account