Azure’s Weakest Link? How API Connections Spill Secrets
Binary Security found the undocumented APIs for Azure API Connections. In this post we examine the inner workings of these Connections, which allowed us to escalate privileges and read secrets in backend resources for services ranging from Key Vaults, Storage Blobs and Defender ATP to Enterprise Jira and Salesforce servers.
Background
During a client engagement, I was checking out their Azure Resources looking for common vulnerabilities. They were utilizing a Logic App to post some messages to Slack. Usua...
Read more at binarysecurity.no