seick
@seick.it
Security Engineer | custos nubium
#Security #Azure #EntraID #KQL #ConditionalAccess #ActiveDirectory #MDE and a little bit of #macOS
#Security #Azure #EntraID #KQL #ConditionalAccess #ActiveDirectory #MDE and a little bit of #macOS
The query at the end of this article is less noisy in our environment... thoughts?
www.bi-sec.de/2024/12/28/m...
www.bi-sec.de/2024/12/28/m...
Microsoft 365 - Geräte-Compliance-Bypass - < bi-sec >
Angriffe auf Microsoft 365 über Gerätecompliance-Bypass sind ab jetzt der Standard. Intune-Portal sei dank, können Angreifer CA umgehen!
www.bi-sec.de
January 6, 2025 at 3:16 PM
The query at the end of this article is less noisy in our environment... thoughts?
www.bi-sec.de/2024/12/28/m...
www.bi-sec.de/2024/12/28/m...
Reposted by seick
Fun part is, he held a presentation about this already in August but nobody seemed interested… www.youtube.com/watch?v=JItn...
Bypassing Entra ID Conditional Access Like APT: A Deep Dive Into Device Authentication Mechanisms
YouTube video by Black Hat
www.youtube.com
January 5, 2025 at 8:42 PM
Fun part is, he held a presentation about this already in August but nobody seemed interested… www.youtube.com/watch?v=JItn...
This blogpost shows a detection query for TokenSmith:
quzara.com/blog/bypass-...
quzara.com/blog/bypass-...
Bypass Intune Conditional Access Using TokenSmith: Detection & Response
Discover how to detect & respond to a new exploit bypassing Microsoft Intune Conditional Access Policies using advanced queries in Microsoft Defender XDR.
quzara.com
January 2, 2025 at 2:19 PM
This blogpost shows a detection query for TokenSmith:
quzara.com/blog/bypass-...
quzara.com/blog/bypass-...
Never had such a case but I would start here:
objective-see.org/tools.html
objective-see.org/tools.html
Objective-See: Tools
Free, open-source tools to protect your Mac
objective-see.org
December 8, 2024 at 10:56 AM
Never had such a case but I would start here:
objective-see.org/tools.html
objective-see.org/tools.html
fortunately it is only very, very annoying. I did nothing in that tenant that was only in there. Still... a little not would have been helpful to plan better.
December 2, 2024 at 9:41 PM
fortunately it is only very, very annoying. I did nothing in that tenant that was only in there. Still... a little not would have been helpful to plan better.
"Your Microsoft 365 E5 developer subscription is for development purposes only and can be revoked if you use it for purposes other than development."...
yeah. sorry. Only want to learn your products and skill up. 🙄
yeah. sorry. Only want to learn your products and skill up. 🙄
December 2, 2024 at 9:25 PM
"Your Microsoft 365 E5 developer subscription is for development purposes only and can be revoked if you use it for purposes other than development."...
yeah. sorry. Only want to learn your products and skill up. 🙄
yeah. sorry. Only want to learn your products and skill up. 🙄
The tenant was still working last week. Was testing something tgere.. At least a little heads-up and a tiny warning would have been nice.
So out of nothing my whole test environment is gone and if I am correct at the moment there is no other way than paying a tenant with all licenses, correct?
So out of nothing my whole test environment is gone and if I am correct at the moment there is no other way than paying a tenant with all licenses, correct?
December 2, 2024 at 9:03 PM
The tenant was still working last week. Was testing something tgere.. At least a little heads-up and a tiny warning would have been nice.
So out of nothing my whole test environment is gone and if I am correct at the moment there is no other way than paying a tenant with all licenses, correct?
So out of nothing my whole test environment is gone and if I am correct at the moment there is no other way than paying a tenant with all licenses, correct?
Is there any other way we non MSP people can try things out in a test environment and keep our skills up to date without spending several hundred dollars on licenses?
Really annoyed right now.
Really annoyed right now.
December 2, 2024 at 8:45 PM
Is there any other way we non MSP people can try things out in a test environment and keep our skills up to date without spending several hundred dollars on licenses?
Really annoyed right now.
Really annoyed right now.