passivedirectory.bsky.social
@passivedirectory.bsky.social
Blog time! With the FIDO2 passkey provisioning Graph API in public preview I have been looking at this from an offensive security perspective. Turns out you can abuse application permissions to provision passkeys for Global Administrators. www.secura.com/blog/abusing... #entra #cybersecurity #graph
The keys to the kingdom: how attackers can use FIDO2 passkeys against you
FIDO2 passkeys are a step forward for securely managing identities. But they can also be abused. Senior security specialist Max Rozendaal explains how attackers do this, and what you can do to mitigat...
www.secura.com
October 8, 2024 at 3:33 PM
Blog time! With the FIDO2 passkey provisioning Graph API in public preview I have been looking at this from an offensive security perspective. Turns out you can abuse application permissions to provision passkeys for Global Administrators. www.secura.com/blog/abusing... #entra #cybersecurity #graph