Microsoft
Browserless Entra Device Code Flow
Zugspitze, Bavaria, Germany. Photo by Andrew Chiles. Did you know that it is possible to perform every step in Entra’s OAuth 2.0 Device Code flow — including the user authentication steps — without a browser? Why that matters: Automating authentication flows enables ...
SCCM Hierarchy Takeover with High Availability
TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy. I previously wrote about how targeting site systems hosting the SMS Provider role can be used to ...
How ITDR Could Have Helped Microsoft in the Midnight Blizzard Hack
Identity-based attacks are on the rise, but they can be prevented with the right identity threat detection and response (ITDR) measures. As winter crept in last year, so did identity threat actors ...
Breaking Bitlocker
It was only a matter of time before someone did this. Bitlocker is Microsoft’s technique for encrypting a desktop, laptop, or other MS Windows device. We encrypt the device to protect the ...
Directory.ReadWrite.All Is Not As Powerful As You Might Think
Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the Global Admin Entra ID role. Why it matters: Azure admins and security professionals may put ...
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents
Learn about the vulnerabilities in major SaaS platforms brought to light from recent cybersecurity incidents. The post Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents appeared first on AppOmni ...
Microsoft Breach — How Can I See This In BloodHound?
Summary: On January 25, 2024, Microsoft announced Russia’s foreign intelligence service (i.e., Sluzhba vneshney razvedki Rossiyskoy Federatsii [SVR]) breached their corporate EntraID environment. We reviewed the ...
Microsoft Breach — What Happened? What Should Azure Admins Do?
On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands of “Midnight Blizzard”. In this blog post, I will ...
Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts
C# — Rust in peas: Microsoft 365 “Core Platform Substrate” gets rewrite in Rust language ...
Russia Hacked Microsoft Execs — SolarWinds Hackers at it Again
AKA APT29: Midnight Blizzard / Cozy Bear makes it look easy (and makes Microsoft look insecure) ...