Some stuff to read … https://learn.microsoft.com/de-de/graph/permissions-reference #Microsoft #Azure #GraphAPI Reference with explanations for each privilege…
Microsoft Graph permissions reference - Microsoft Graph

Microsoft Graph exposes granular permissions that control the access that apps have to resources such as users, groups, and mail. As a developer, you decide which Microsoft Graph permissions your app requests.

Configure audit policies for Windows event logs - Microsoft Defender for Identity

This article describes how to configure audit policies for Windows event logs as part of deploying a Microsoft Defender for Identity sensor.

Know what your #enemy does:

https://microsoft.github.io/Azure-Threat-Research-Matrix/

#Microsoft #M365 #Threat-Matrix shows how attackers work from Initial Access to Persistence.

Azure Threat Research Matrix

How does DevSecOps work?
Not very Well ...
https://www.datadoghq.com/state-of-devsecops/
State of DevSecOps

For our 2025 report, we analyzed data from thousands of cloud environments to assess trends in application security posture and adoption of DevSecOps best practices.

Datadog

Protecting Tier 0 the Modern Way

Almost every attack on Active Directory you hear about today – no matter if ransomware is involved or not – (ab)uses credential theft techniques as the key..

TECHCOMMUNITY.MICROSOFT.COM

Wondering about E-Mail-Security configuration regarding senders and their authentication? #BSI TR-03182 is here to save your day:

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03182/BSI-TR-03182.pdf?__blob=publicationFile&v=6

BSI-compliant e-mail authentication involves #SPF #DKIM #DMARC - great to have it standardized now.

Find out what's happening in your tenant using the #Microsoft Unified Audit Log to identify malicious activities:

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/investigating-malicious-oauth-applications-using-the-unified/ba-p/4007172

Investigating malicious OAuth applications using the Unified Audit Log

Abstract Supply chain attacks continue to evolve in sophistication with new TTPs emerging every few months. In this article we highlight some of the most..

TECHCOMMUNITY.MICROSOFT.COM

Great to read: #Microsoft IR Team on Common Attacks against identities and recommendations to impede them.

https://www.microsoft.com/en-us/security/blog/2023/12/05/microsoft-incident-response-lessons-on-preventing-cloud-identity-compromise/

Microsoft Incident Response lessons on preventing cloud identity compromise | Microsoft Security Blog

In real-world customer engagements, Microsoft Incident Response (Microsoft IR) sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Effective protection of a customer’s Entra ID tenant is less challenging than protecting an Active Directory deployment but does require governance and monitoring. Reducing risk and exposure of your most privileged accounts plays a critical role in preventing or detecting attempts at tenant-wide compromise.

Microsoft Security Blog

Pretty cool next step to optimize phishing - using Microsoft DevTenants with custom domains:
https://badoption.eu/blog/2023/12/03/PhishingInfra.html

Phishing from within .. so to say .. and with the trust everyone puts into *.protection.outlook.com senders.

O365 Phishing infrastructure

Speedrun for an O365 Phishing infrastructure. Microsoft offers some Developer Tenants for O365. Those tenants can be used to set up a phishing infrastructure within minutes, emails will make it to almost all inboxes, especially in O365 environments. And you get a nice Teams phishing infra as bonus

BadOption.eu