CYBERDOM

Just another day of IR, Threat-Hunting & Microsoft Security

Tagged: CyberSecurity

1

Security

Persistence via App Registration in Entra ID

Cloud Service Principal is the key, abuse the hole, or the misconfiguration. While I’m investigating or attacking the cloud for many components on a daily basis. I find a lot of abuses. Some of them...

2

Security

Cloud Penetration Testing from the field

Breaking the Cloud via “some service” is every pentester or red reamer mission. While the Blue team, SecOps, and other security teams struggle to minimize the attack surface area, create friction with attackers, and gain...

0

Generative AI

Be the Purple with Generative AI

If you are interested in artificial intelligence, natural language processing, or cybersecurity, you might have heard of ChatGPT. It is a state-of-the-art language generation model that can produce realistic and coherent text on almost any...

Defender TI 0

Defender Threat Intelligence / TI

Investigation in Defender TI

While investigating an incident, we aim to find the campaign, the attackers, and who is behind the attack – in this situation, Context is Everything. Threat intelligence plays a critical role in many scenarios; an...

0

Attacking the Cloud

Recon Azure AD

Can you monitor or prevent a reconnaissance or enumeration? Especially reconnaissance (recon) on the cloud? Mostly not, and it depends on the recon types. While recon for local (on-premises) resources can be challenging or more...

Defender EASM 0

Microsoft Defender EASM

Defender EASM Glossary

You’ve probably heard about EASM, External Scan Management, Exposure Management, External Attack Surface, and many other interpretations. But the questions are, is this a tool? A capability? Or just the latest buzzword that nobody understands?...

error: Content is Protected !!