Browserless Entra Device Code Flow

Zugspitze, Bavaria, Germany. Photo by Andrew Chiles

Did you know that it is possible to perform every step in Entra’s OAuth 2.0 Device Code flow — including the user authentication steps — without a browser? Why that matters: Automating authentication flows enables ...
SCCM Hierarchy Takeover with High Availability

TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy. I previously wrote about how targeting site systems hosting the SMS Provider role can be used to ...

How ITDR Could Have Helped Microsoft in the Midnight Blizzard Hack

Identity-based attacks are on the rise, but they can be prevented with the right identity threat detection and response (ITDR) measures. As winter crept in last year, so did identity threat actors ...

Breaking Bitlocker

It was only a matter of time before someone did this. Bitlocker is Microsoft’s technique for encrypting a desktop, laptop, or other MS Windows device. We encrypt the device to protect the ...
Andy Robbins (RedZone) - Azure Backdoors: How to Hide Them, How to Find Them - Ekoparty 2022

Directory.ReadWrite.All Is Not As Powerful As You Might Think

Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the Global Admin Entra ID role. Why it matters: Azure admins and security professionals may put ...
An estimated attack flow of the Midnight Blizzard Exchange Online Exfiltration

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents

Learn about the vulnerabilities in major SaaS platforms brought to light from recent cybersecurity incidents. The post Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents appeared first on AppOmni ...
Microsoft Breach: What Happened? What Should Azure Admins Do?

Microsoft Breach — How Can I See This In BloodHound?

Summary: On January 25, 2024, Microsoft announced Russia’s foreign intelligence service (i.e., Sluzhba vneshney razvedki Rossiyskoy Federatsii [SVR]) breached their corporate EntraID environment. We reviewed the ...
Microsoft Breach — What Happened? What Should Azure Admins Do?

On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands of “Midnight Blizzard”. In this blog post, I will ...
Microsoft CEO Satya Nadella, with superimposed text: “C# is dead”

Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts

C# — Rust in peas: Microsoft 365 “Core Platform Substrate” gets rewrite in Rust language ...
Security Boulevard

Secure Guardrails