Block All Exportable Certificates via Policy
In an earlier blog, a simple PowerShell script was provided that allows all certificates within all Key Vaults to be dumped as PKCS#12 files. In theory, a simple fix for this is to create and apply a policy to block all Exportable Certificates via Policy – Using Azure policy, you can create a policy
Attacking Azure Key Vault for Fun
In an earlier blog, we described how Azure Key Vault allows exporting of the key material of certificates by default in most scenarios. So how can we go about exploiting this? The first and most obvious way is to enumerate all Azure Key Vaults that you have access to and simply dumping the keys out. [&helli