Another day of Cybersecurity
In the modern Microsoft 365 threat landscape, SharePoint Online is no longer a document dump. It is a sprawling, API rich, over permissioned jungle wired into the core fabric of collaboration. With tight Graph API hooks, seamless integration with Teams, … Read the rest
Active Directory Domain Services (ADDS) service accounts are special accounts used by applications or services to interact with network resources. Traditionally, these were often standard user accounts with static passwords, leading to security risks. Later, Microsoft introduced Managed Service Accounts … Read the rest
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you’re diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
Note: This repository is under development. … Read the rest
Ransomware attacks grow and cripple companies, cities, and businesses. Attackers are locking people out of their networks and demanding significant payment to get back in. The case is that many organizations still pay attackers in order to get their data … Read the rest
Many times people asked me about the differences between external attack surface management, vulnerability management, and penetration testing. Mostly “What will be the and the right approach to handling security tools alongside the behavior and procedures. While many organization has … Read the rest
If you heard a noise on social media from May (2023), it’s probably the same noise that most of us heard: the announcement of specific domains by Google.
Google Registry announced eight new top-level domains (TLDs) that day: .esq, .foo, … Read the rest
Cybersecurity adores fancy words and buzz…, and you’re in for another joy – ASM, DRP, EASM, CAASM.
This blog post provides additional information on the state of external attack surface management, and it’s related tools and technologies.
Why the External … Read the rest
Token protection creates secure cryptography between the token and the device it’s issued to, and without the client’s secret, the bound token is useless. When users register a Windows device and higher in Azure AD, their primary identity is bound … Read the rest
