AI Security

Joined April 2020
Dor retweeted
Multifactor authentication (MFA) manipulation in compromised tenants can be hard to detect, as some changes can be dismissed as part of standard helpdesk processes. Microsoft shares guidance for hunting for MFA anomalies using Kusto Query Language (KQL): msft.it/6016YUu1I
14 Mar 2024
It's rare, but CSRF in oauth auth flow sometimes has real life exploitable scenarios! Use 'state' param :)
We (@SaltSecurity ) could access *private* GitHub repos of *other* users, using....... ChatGPT! Open the comments below to understand exactly how👇
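The 'state' mitigation from the post above, as an added example (not code from the original post or from @SaltSecurity): the client mints an unguessable state, binds it to the user's session before redirecting to the authorization server, and on the callback accepts the authorization code only if the returned state matches the one bound to that same session. Without that check, a callback URL forged for another person's session can link an attacker-controlled account to the victim's login. The provider URL and the in-memory session store are assumptions standing in for real server-side state.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for server-side session storage, keyed by session id.
_sessions: Dict[str, dict] = {}

AUTHORIZE_URL = "https://idp.example/authorize"  # placeholder provider endpoint


def build_authorization_url(session_id: str, client_id: str, redirect_uri: str) -> str:
    """Start the flow: mint a random state, bind it to this session, put it in the URL."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
    _sessions.setdefault(session_id, {})["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def state_from_url(url: str) -> str:
    """Helper: read the state parameter back out of a URL (used when finishing the flow)."""
    return parse_qs(urlparse(url).query).get("state", [""])[0]


def handle_callback(session_id: str, callback_url: str) -> Optional[str]:
    """Finish the flow: return the authorization code only if the returned state is the
    one bound to this session; return None when the callback must be rejected."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    code = query.get("code", [""])[0]
    # pop() makes the state single-use, so a replayed callback is rejected as well
    expected = _sessions.get(session_id, {}).pop("oauth_state", None)
    if not expected or not code:
        return None
    # constant-time comparison, so a mismatch leaks nothing about the expected value
    if not hmac.compare_digest(expected, returned_state):
        return None
    return code
```

A callback carrying a state minted for a different session, or no state at all, is rejected, and a second delivery of a valid callback is rejected because the state was consumed.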
Dor retweeted
Web Security vs. Binary Exploitation
Dor retweeted
Our analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions: msft.it/60129oYRy
Dor retweeted
Microsoft cloud is hiring a PM to manage nuclear reactors. jobs.careers.microsoft.com/g…
Dor retweeted
My Okta for Red Teamers post is up! We look at how Kerberos SSO works, how to intercept credentials via a fake AD Agent, decrypting AD Agent tokens, adding skeleton key's, and even how to deploy a janky SAML IdP server to auth as any user for good measure. trustedsec.com/blog/okta-for…
Dor retweeted
Adversary-in-the-middle (AiTM) phishing techniques continue to proliferate through the phishing-as-a-service (PhaaS) cybercrime model, as seen in the increasing number of AiTM-capable PhaaS platforms throughout 2023.
Dor retweeted
Microsoft has identified highly targeted social engineering attacks by the threat actor Midnight Blizzard (previously NOBELIUM) using credential theft phishing lures sent as Microsoft Teams chats. Get detailed analysis, IOCs, and recommendations: msft.it/60199EEkv
25 Jul 2023
Must read for defenders by @ElroyMcThomas 💥 These kinds of attacks can cause huge money loss for victims and can be easily prevented.
Microsoft security researchers have surfaced tell-tale patterns to help defenders identify and mitigate cloud cryptojacking, a form of cloud compute resource abuse that involves threat actors compromising cloud tenants to mine cryptocurrency: msft.it/6017ghRZ5
Dor retweeted
18 Jul 2023
The Orca Research Pod has discovered a critical design flaw in the #GoogleCloud Build service that enables attackers to escalate privileges and gain unauthorized access to code repositories and images in Artifact Registry. Learn more: tryorca.co/3pYpFPx
Dor retweeted
We’re sharing more details from our investigation of the Storm-0558 campaign that targeted customer email, including our analysis of the threat actor’s techniques, tools, and infrastructure, and the steps we took to harden systems involved: msft.it/6017g26HL
Dor retweeted
15 Jun 2023
Full documentary on the $200,000,000 @eulerfinance hack!
15 Jun 2023
Great write-up! Worth reading 👀
14 Jun 2023
The Orca Research Pod discovered two vulnerabilities in #Azure that allowed Cross-Site Scripting (#XSS) attacks. Both vulnerabilities have now been fixed.☁️ Learn about the intricacies of these #vulnerabilities and how to prevent #XSSvulnerabilities: tryorca.co/3J4UgRR
9 Jun 2023
Another day another AiTM campaign
A multi-stage AiTM phishing and BEC activity spanning multiple banking & financial services orgs uncovered by Microsoft Defender Experts shows the complexity of these threats that abuse trusted relationships between orgs with the intent of financial fraud: msft.it/6015gc3QV
7 Apr 2023
Happy to share a new blog about a super interesting incident I had a chance to investigate! Read the thread to learn how threat actors are using AAD Connect machines to pivot from on-prem -> cloud, executing multiple destruction and collection operations in the cloud ☁️ 🧵1/n
Microsoft detected a unique operation in which threat actors, tracked as MERCURY and DEV-1084, carried out destructive actions in both on-premises and cloud environments. Learn more about the observed activity and tools and get TTPs and protection info: msft.it/6019gGFEV
7 Apr 2023
Key takeaways from the incident: 🚩 Monitor for any low/medium/high risk sign-in of the AAD sync account. 🚩 Make sure your AAD sync account is not used for anything else besides what it is supposed to do. 🚩 Treat your AAD Connect machine as Tier 0! 10/n
7 Apr 2023
🚩 Monitor for any interactive login from the AAD on-prem account (MSOL_). Can be done by setting Honey Token activity in Defender for Identity. 🚩 Make sure your AAD Connect sync account is not a global admin. Hope you found it interesting, happy hunting! 11/11