Just another day of IR, Threat-Hunting & Microsoft Security
Ransomware attacks grow and cripple companies, cities, and businesses. Attackers are locking people out of their networks and demanding significant payment to get back in. The case is that many organizations still pay attackers in...
Cloud Service Principal is the key, abuse the hole, or the misconfiguration. While I’m investigating or attacking the cloud for many components on a daily basis. I find a lot of abuses. Some of them...
Many times people asked me about the differences between external attack surface management, vulnerability management, and penetration testing. Mostly “What will be the and the right approach to handling security tools alongside the behavior and...
Threat Hunting in the Cloud differs from Legacy Threat Hunting (on-premise). Change my Mind. This post, among many others in the “Cloud Threat Hunting” series, will take you into the Cloud Threat-Hutning and “little things”...
If you heard a noise on social media from May (2023), it’s probably the same noise that most of us heard: the announcement of specific domains by Google. Google Registry announced eight new top-level domains...
Cybersecurity adores fancy words and buzz…, and you’re in for another joy – ASM, DRP, EASM, CAASM. This blog post provides additional information on the state of external attack surface management, and it’s related tools...
Token protection creates secure cryptography between the token and the device it’s issued to, and without the client’s secret, the bound token is useless. When users register a Windows device and higher in Azure AD,...
Token stealing is a severe threat in Office 365 and any cloud environment. Attackers use various technologies and tactics to steal tokens instead of passwords. With those stolen tokens, they will access critical resources and...
