Persistence via App Registration in Entra ID
Cloud Service Principal is the key, abuse the hole, or the misconfiguration. While investigating or attacking many cloud components on a daily basis, I find a lot of abuses. Some of them...
Just another day of IR, Threat-Hunting & Microsoft Security
Token protection creates a cryptographically secure tie between the token and the device it’s issued to, and without the client secret, the bound token is useless. When users register a Windows device and higher in Azure AD,...
Token stealing is a severe threat in Office 365 and any cloud environment. Attackers use various technologies and tactics to steal tokens instead of passwords. With those stolen tokens, they will access critical resources and...
Many customers, people in the industry, and the community asked me about applying a second or additional MFA to the Azure PIM role when there is an existing MFA. We all know the importance...
Identity governance in the cloud refers to managing and controlling user identities and their access to resources in a cloud computing environment. Cloud computing has become popular due to its scalability, flexibility, and cost-effectiveness. However,...
Can you monitor or prevent reconnaissance or enumeration, especially reconnaissance (recon) in the cloud? Mostly not, and it depends on the recon type. While recon for local (on-premises) resources can be challenging or more...
The Azure AD Incident Response methodology is a critical life-cycle, process, and tool that anyone using identities on Azure, Office 365, and third-party clouds can count on. The Azure AD Incident Response explores how Azure...
This blog post gives an overview of Azure AD Cloud Sync, some configurations, and first impressions from the field. Do you remember the days of the first directory synchronization method? For example, the one with BPOS on...