Christian Biehler
@cssec.bsky.social
InfoSec Professional - Microsoft 365 & MS Windows Security guy - Speaker, Pentester, Training, Dad.
www.zerosalarium.com/2024/12/LOLB...
Using WinGet as LOLBIN ...
Using WinGet as LOLBIN ...
LOLBIN / LOLBAS – WinGet execute PowerShell script
LOLBIN WinGet.exe can be exploited to download and execute remote and fileless PowerShell scripts.
www.zerosalarium.com
January 26, 2025 at 4:50 AM
www.zerosalarium.com/2024/12/LOLB...
Using WinGet as LOLBIN ...
Using WinGet as LOLBIN ...
Schadsoftware als VSCode-Extension - 🤔
hunt.io/blog/malicio...
hunt.io/blog/malicio...
VS Code Extension Impersonating Zoom Targets Google Chrome Cookies
Uncover a deceptive VS Code extension, masquerading as Zoom, that pilfers your Google Chrome cookies. Join us as we expose the techniques behind this alarming supply chain campaign.
hunt.io
January 23, 2025 at 6:05 AM
Schadsoftware als VSCode-Extension - 🤔
hunt.io/blog/malicio...
hunt.io/blog/malicio...
Heared about TokenSmith to Bypass Azure CA compliance Checks?
Using join/registered-Device as Indicator seems not to be affected - [german] www.bi-sec.de/2024/12/28/m... - Update from january 11.
Using join/registered-Device as Indicator seems not to be affected - [german] www.bi-sec.de/2024/12/28/m... - Update from january 11.
Microsoft 365 - Geräte-Compliance-Bypass -
Angriffe auf Microsoft 365 über Gerätecompliance-Bypass sind ab jetzt der Standard. Intune-Portal sei dank, können Angreifer CA umgehen!
www.bi-sec.de
January 11, 2025 at 3:34 PM
Heared about TokenSmith to Bypass Azure CA compliance Checks?
Using join/registered-Device as Indicator seems not to be affected - [german] www.bi-sec.de/2024/12/28/m... - Update from january 11.
Using join/registered-Device as Indicator seems not to be affected - [german] www.bi-sec.de/2024/12/28/m... - Update from january 11.
Reposted by Christian Biehler
#TokenTactics V2 now has support for auth code flow, if you know what I mean. Other features in v0.2.5 are Invoke-RefreshToDeviceRegistrationToken and backwards compatibility for the v1 endpoint for those special cases. #Entra
GitHub - f-bader/TokenTacticsV2: A fork of the great TokenTactics with support for CAE and token endpoint v2
A fork of the great TokenTactics with support for CAE and token endpoint v2 - f-bader/TokenTacticsV2
github.com
January 4, 2025 at 5:48 PM
#TokenTactics V2 now has support for auth code flow, if you know what I mean. Other features in v0.2.5 are Invoke-RefreshToDeviceRegistrationToken and backwards compatibility for the v1 endpoint for those special cases. #Entra
Reposted by Christian Biehler
Reposted by Christian Biehler
I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn’t paying attention. It sends data about my private photos to Apple.
December 29, 2024 at 2:46 AM
I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn’t paying attention. It sends data about my private photos to Apple.
Bypassing Device-Compliance in Microsoft 365 with the new Tool TokenSmith abusing Intune Portal App - [german] www.bi-sec.de/2024/12/28/m...
Microsoft 365 - Geräte-Compliance-Bypass - < bi-sec >
Angriffe auf Microsoft 365 über Gerätecompliance-Bypass sind ab jetzt der Standard. Intune-Portal sei dank, können Angreifer CA umgehen!
www.bi-sec.de
December 28, 2024 at 3:06 PM
Bypassing Device-Compliance in Microsoft 365 with the new Tool TokenSmith abusing Intune Portal App - [german] www.bi-sec.de/2024/12/28/m...
Looks promissing for Conditional Acceess ideas .. github.com/aollivierre/...
GitHub - aollivierre/ConditionalAccess: This repository contains a comprehensive set of Conditional Access (CA) policies and PowerShell management tools for Microsoft Entra ID (formerly Azure AD), des...
This repository contains a comprehensive set of Conditional Access (CA) policies and PowerShell management tools for Microsoft Entra ID (formerly Azure AD), designed to enhance your organization...
github.com
December 28, 2024 at 5:54 AM
Looks promissing for Conditional Acceess ideas .. github.com/aollivierre/...
Anyone can explain how the passkey can be shared across devices if they‘re stored in TPM where they can‘t be extracted?
geekwolf.cloud/2024/12/17/A...
geekwolf.cloud/2024/12/17/A...
A look into authentication: Passwordless and Passkeys
A journey into the world of authentication, from passwords, hashes, credentials, protocols, MFA, through to passwordless
geekwolf.cloud
December 28, 2024 at 5:50 AM
Anyone can explain how the passkey can be shared across devices if they‘re stored in TPM where they can‘t be extracted?
geekwolf.cloud/2024/12/17/A...
geekwolf.cloud/2024/12/17/A...
Reposted by Christian Biehler
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.
Cybersecurity firm's Chrome extension hijacked to steal user data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.
www.bleepingcomputer.com
December 27, 2024 at 3:39 PM
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.
Nice starting Point:
medium.com/@cyberengage...
medium.com/@cyberengage...
Microsoft 365 Security: Understanding Built-in Detection Mechanisms and Investigating Log Events
As the landscape of cybersecurity threats evolves, protecting sensitive information stored within enterprise platforms like Microsoft 365…
medium.com
December 25, 2024 at 6:00 AM
Nice starting Point:
medium.com/@cyberengage...
medium.com/@cyberengage...
Reposted by Christian Biehler
Another huge security improvement⚡Microsoft now allows you to federate your app registrations with a Managed Identity, perfect for securely accessing resources in other tenants with multi-tenant apps! > ourcloudnetwork.com/microsoft-no...
Microsoft now allows connecting to Multi-tenant apps using Managed Identities
Learn how to connect to other tenants using Managed Identity federation on your app registration in Microsoft Entra.
ourcloudnetwork.com
December 23, 2024 at 8:15 AM
Another huge security improvement⚡Microsoft now allows you to federate your app registrations with a Managed Identity, perfect for securely accessing resources in other tenants with multi-tenant apps! > ourcloudnetwork.com/microsoft-no...
Got the Same things happening december 12 in one customer tenant - great List by @merill.net - what would we do without those stuff ❤️
Recently started monitoring for new service principals & app IDs added to our Entra tenant. 1st alert for something we didn't do "Microsoft Entra AD Synchronization Service" created 12/6. Our Entra Connect server app didn't update. I get this is expected likely - but 1/2
December 14, 2024 at 9:26 AM
Got the Same things happening december 12 in one customer tenant - great List by @merill.net - what would we do without those stuff ❤️
github.com/ricardojoser...
Interesting Solution to get credentials on Windows.
Interesting Solution to get credentials on Windows.
GitHub - ricardojoserf/NativeBypassCredGuard: Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions - ricardojoserf/NativeBypassCredGuard
github.com
December 10, 2024 at 3:52 AM
github.com/ricardojoser...
Interesting Solution to get credentials on Windows.
Interesting Solution to get credentials on Windows.
Reposted by Christian Biehler
‼️Important notice‼️
Administrative templates will no longer be available in Intune. Settings in this template can be configured via settings catalog only. Expected with Intune's December (2412) release.
techcommunity.microsoft.com/blog/intunec...
#Intune #Microsoft
Administrative templates will no longer be available in Intune. Settings in this template can be configured via settings catalog only. Expected with Intune's December (2412) release.
techcommunity.microsoft.com/blog/intunec...
#Intune #Microsoft
Support tip: Windows device configuration policies migrating to unified settings platform in Intune | Microsoft Community Hub
New unified settings for device configuration policies in Microsoft Intune!
techcommunity.microsoft.com
November 29, 2024 at 7:10 AM
‼️Important notice‼️
Administrative templates will no longer be available in Intune. Settings in this template can be configured via settings catalog only. Expected with Intune's December (2412) release.
techcommunity.microsoft.com/blog/intunec...
#Intune #Microsoft
Administrative templates will no longer be available in Intune. Settings in this template can be configured via settings catalog only. Expected with Intune's December (2412) release.
techcommunity.microsoft.com/blog/intunec...
#Intune #Microsoft
Yara rules from MS Defender .. interesting project - github.com/roadwy/Defen...
GitHub - roadwy/DefenderYara: Extracted Yara rules from Windows Defender mpavbase and mpasbase
Extracted Yara rules from Windows Defender mpavbase and mpasbase - roadwy/DefenderYara
github.com
November 26, 2024 at 5:23 AM
Yara rules from MS Defender .. interesting project - github.com/roadwy/Defen...
Working with AI and Microsoft?
You can build CA policies to protect usage of AI by enforcing Phishing-resistant MFA or other things.
learn.microsoft.com/en-us/entra/...
You can build CA policies to protect usage of AI by enforcing Phishing-resistant MFA or other things.
learn.microsoft.com/en-us/entra/...
Conditional Access protections for Generative AI - Microsoft Entra ID
Protecting Gen AI services like Microsoft Copilot for Security and Microsoft 365 Copilot with Conditional Access
learn.microsoft.com
November 21, 2024 at 5:01 AM
Working with AI and Microsoft?
You can build CA policies to protect usage of AI by enforcing Phishing-resistant MFA or other things.
learn.microsoft.com/en-us/entra/...
You can build CA policies to protect usage of AI by enforcing Phishing-resistant MFA or other things.
learn.microsoft.com/en-us/entra/...
First seen … for all „hey … you‘re in security .. how do I protect my…“ questions.
digital-defense.io
digital-defense.io
Digital Defense - The ultimate personal security checklist to secure your digital life
The ultimate personal security checklist to secure your digital life
digital-defense.io
November 21, 2024 at 4:53 AM
First seen … for all „hey … you‘re in security .. how do I protect my…“ questions.
digital-defense.io
digital-defense.io
Busy with too many vulnerabilites?
Microsofts answer to XMCyber is there: techcommunity.microsoft.com/blog/microso...
Surprisingly included in most licences without additional cost - worth a look.
Microsofts answer to XMCyber is there: techcommunity.microsoft.com/blog/microso...
Surprisingly included in most licences without additional cost - worth a look.
Unlock Proactive Defense: Microsoft Security Exposure Management Now Generally Available | Microsoft Community Hub
As the digital landscape grows increasingly interconnected, defenders face a critical challenge: the data and insights from various security tools are often...
techcommunity.microsoft.com
November 21, 2024 at 4:35 AM
Busy with too many vulnerabilites?
Microsofts answer to XMCyber is there: techcommunity.microsoft.com/blog/microso...
Surprisingly included in most licences without additional cost - worth a look.
Microsofts answer to XMCyber is there: techcommunity.microsoft.com/blog/microso...
Surprisingly included in most licences without additional cost - worth a look.
How shall we do detection engineering with that? TimeGenerated and CreateDateTime more than 1 Hour apart
It was our test tenant during ohne of our public trainings... but I could not explain
#microsoft #m365 #security
It was our test tenant during ohne of our public trainings... but I could not explain
#microsoft #m365 #security
November 20, 2024 at 5:37 AM
How shall we do detection engineering with that? TimeGenerated and CreateDateTime more than 1 Hour apart
It was our test tenant during ohne of our public trainings... but I could not explain
#microsoft #m365 #security
It was our test tenant during ohne of our public trainings... but I could not explain
#microsoft #m365 #security
Just came across the updated #Windows 11 Security Book - learn.microsoft.com/en-us/window...
Still good graphical overview of security features.
Still good graphical overview of security features.
Windows security book introduction
Windows security book introduction
learn.microsoft.com
November 20, 2024 at 4:56 AM
Just came across the updated #Windows 11 Security Book - learn.microsoft.com/en-us/window...
Still good graphical overview of security features.
Still good graphical overview of security features.