🛠️ Tool
===================
Opening:
TokenFlare is an open-source, serverless Adversary-in-the-Middle (AiTM) phishing framework focused on Entra ID and Microsoft 365 authentication flows. The project packages capabilities to capture post-authentication artifacts (session cookies, tokens) and to exchange them for API access via Microsoft Graph.
Key Features:
• Credential and session capture: captures credentials and session cookies at phishing interaction time.
• Serverless infrastructure: designed to run on serverless platforms (notably Cloudflare Workers) to provide TLS, scalability, and obfuscation of hosting.
• Post-auth exploitation path: uses captured session material to perform actions via Graph API for lateral access or demonstration purposes.
• Operational tooling: interactive campaign configuration, webhook delivery of captured artifacts, and built-in bot/anti-automation protections.
Technical Implementation:
• Architecture centers on a stateless serverless front end that handles the phishing interaction, stores minimal transient state, and forwards captured session material to a collector endpoint.
• Captured session cookies and tokens can be exchanged for API access where the compromised account's permissions permit; the framework demonstrates how post-auth artifacts can be reused to query Microsoft Graph.
• Design choices prioritise low overhead for operators: TLS and bot protection are provided by the hosting platform, while credential delivery is webhook-driven.
Use Cases:
• Red team engagements that aim to test identity controls without deploying agents to endpoints.
• Purple-team exercises demonstrating the impact of exposed session tokens and inadequate session revocation.
• Security assessments focused on conditional access, token lifetimes, and Graph API permissions.
Limitations and Considerations:
• Effective operation depends on the hosting platform and on the captured artifacts remaining valid; short token lifetimes or strong conditional access policies reduce efficacy.
• Detection requires correlating anomalous token use, session reuse, and unexpected Graph API calls originating from previously unseen serverless hosting ranges.
• The technique is not novel: commoditised AiTM kits already exist on underground markets; TokenFlare provides an authorised-testing equivalent.
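The detection bullet above describes correlating session reuse and Graph calls from unexpected networks. The following added example (not part of TokenFlare or the source article) sketches that correlation in Python over a constructed, simplified event schema (`user`, `session_id`, `ip`, `asn_label`, `ts`, `kind`); real Entra sign-in and audit exports use different field names and would need to be mapped onto it.

```python
"""Flag sessions whose post-auth artifacts appear to be replayed from another network.

Added example, not code from the TokenFlare project. The event schema is a
constructed stand-in for real sign-in / Graph activity logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: alice signs in from a residential ISP, then the same
# session is used four minutes later from a cloud provider range to call Graph.
# bob's session stays on one IP and one network throughout.
SAMPLE_EVENTS = [
    {"user": "alice@example.test", "session_id": "s-1001", "ip": "203.0.113.10",
     "asn_label": "ResidentialISP", "ts": "2024-05-01T09:00:00Z", "kind": "signin"},
    {"user": "alice@example.test", "session_id": "s-1001", "ip": "198.51.100.7",
     "asn_label": "CloudProvider", "ts": "2024-05-01T09:04:00Z", "kind": "graph"},
    {"user": "bob@example.test", "session_id": "s-2002", "ip": "192.0.2.44",
     "asn_label": "ResidentialISP", "ts": "2024-05-01T10:00:00Z", "kind": "signin"},
    {"user": "bob@example.test", "session_id": "s-2002", "ip": "192.0.2.44",
     "asn_label": "ResidentialISP", "ts": "2024-05-01T10:30:00Z", "kind": "graph"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_session_reuse(events, window=timedelta(hours=1)):
    """Return one finding per (user, session) that shows either:
    - the session used from more than one IP within `window`, or
    - Graph API calls from a network label never seen at interactive sign-in.
    """
    by_session = defaultdict(list)
    for event in events:
        by_session[(event["user"], event["session_id"])].append(event)

    findings = []
    for (user, session_id), evs in by_session.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        reasons = []

        # Reason 1: same session id, multiple source IPs inside the time window.
        ips = {e["ip"] for e in evs}
        span = parse_ts(evs[-1]["ts"]) - parse_ts(evs[0]["ts"])
        if len(ips) > 1 and span <= window:
            reasons.append(f"session used from {len(ips)} IPs within {span}")

        # Reason 2: Graph calls from a network that never performed a sign-in.
        signin_nets = {e["asn_label"] for e in evs if e["kind"] == "signin"}
        graph_nets = {e["asn_label"] for e in evs if e["kind"] == "graph"}
        unknown_nets = sorted(graph_nets - signin_nets)
        if unknown_nets:
            reasons.append("graph calls from network(s) not seen at sign-in: "
                           + ", ".join(unknown_nets))

        if reasons:
            findings.append({"user": user, "session_id": session_id, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_EVENTS):
        print(finding["user"], finding["session_id"], "->", "; ".join(finding["reasons"]))
```

Run against the constructed events, only alice's session is reported, with both reasons. In practice the `asn_label` would come from an enrichment step (ASN or named-location lookup) and the window would be tuned to the tenant's token lifetime, since a long-lived token makes the multi-IP check the more reliable of the two.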
References and Context:
• The framework was used in 15+ engagements and publicly demonstrated at a security conference; it is published as an open-source project for authorised testers.
🔹 tool #M365 #Cloudflare #Entra_ID #phishing
🔗 Source: https://labs.jumpsec.com/tokenflare-serverless-AiTM-phishing-in-under-60-seconds/