Red Team | Threat Intel | SIRT
#hamradio #SOTA Adventurer @WS0UP
#NOLACON staff
#DEFCON #goon
#runner

Check out the blog I wrote with Sravan Akkaram on "Bypassing #AzureAD home tenant #MFA & CA"

👉 https://aadinternals.com/post/ests/

TL;DR:
▪ Home tenant admins CAN'T enforce home tenant CA if users login directly to resource tenant
▪ User's tenant information can be viewed by logging in to resource tenant

This has at least two implications:
1️⃣ This allows adversaries to gather users' tenant membership information with just username and password by logging in to any B2C resource tenant.
2️⃣ Adversaries can pivot to other tenants which may or may not have MFA/CA.

MSRC advised using "Cross-tenant access settings", but that only allows home tenant admins to block or allow access to all or specific resource tenants. It does not allow them to enforce home tenant MFA/CA.

https://learn.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-overview

Bypassing Azure AD home tenant MFA and CA

Multi-factor Authentication (MFA) and Conditional Access (CA) policies are powerful tools to protect Azure AD users’ identities. For instance, one may allow access only from compliant devices and require MFA from all users. However, because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants. This blog post tries to shed some light on how Azure AD authentication works under the hood. We’ll introduce the issue, describe how to exploit it, show how to detect exploitation, and finally, how to prevent the exploitation. The blog is co-authored with @SravanAkkaram and is based on his findings.

Wilderness is "an area where the earth and its community of life are untrammeled by man, where man himself is a visitor who does not remain." - Wilderness Act of 1964

Last month's #WildWestHackinFest #hamventures as I slowly made my way back to Colorado. I managed to fit 10 summits in during my week-long stay in the #blackhills of South Dakota. It was busy and challenging but very rewarding! Some were simple drive-up peaks while others required miles of hiking.

For the uninitiated - #sota (Summits on the Air) is "an award scheme for radio amateurs that encourages portable operation in mountainous areas." Basically it's operating with portable radio equipment on designated mountain tops for fun and debt. Obtaining a certain number of contacts grants you points for that particular summit, and those that make contact with you also receive points. The rules are made up and the points don't matter. But there are awards! You can find out more at https://www.sota.org.uk/.

I made well over 200 contacts via #morsecode during the week, many of whom hunted me multiple times on different mountain tops! It's always interesting to see how far your signal travels using lower-powered setups. I managed to work F4WBN in France a few times with a mere 4-5 watts of power!

If you've never made it to the Black Hills area of South Dakota I highly recommend you check it out. It's extremely beautiful, especially Custer State Park.

Equipment used is a #LNR precision MTR4bv2, #SOTABEAMS Bandspringer wire antenna, #Elecraft AX1 whip antenna, #Elecraft T1 ATU tuner, and a #CWMorse paddle.

Enjoy some pictures!

Here's my #introduction - I grew up an avid #gamer on old school #mmorpg and #fps. #hacking became my passion at a young age, and over the years I've been fortunate enough to meet some truly amazing folks within the #infosec community, and I'm better for it - #DEFCON #Goon, #NOLACON Staff, and #3o3 helped make that possible. Support your local cons and communities! I started in #iam before branching into #soc, #sirt, #threatintelligence, and now #redteam. #blueteam is still my passion, but there's nothing sweeter than finding and exercising vulns in an attack chain.

I've recently dived into #hamradio and have fallen in love with activating #sota summits with low power #qrp setups using #morsecode #cw. Callsign is WS0UP!