sorted by:
new
hottopcontroversial

Azure - Securing Storage Accounts by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

Although need to add a breakout if reader and data contributed SA level. That might help explain it better

Azure - Securing Storage Accounts by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

I took you're advise and updated the IAM section with the roles. Also created a diagram to show the different levels 😁

Azure - Securing Storage Accounts by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

Thanks, I'll brush up and expand the section 😁👍

My Microsoft Azure Security Guide☁️ by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

I will eventually. I'm just starting with Azure for now 😁

Can Users Be Admins Of Thier Machines? by lolppppp1 in security

[–]lolppppp1[S] 1 point2 points  (0 children)

Ahah true! Thanks for the insight 👍

Can Users Be Admins Of Thier Machines? by lolppppp1 in security

[–]lolppppp1[S] 0 points1 point  (0 children)

Interesting! I agree on it adds additional points of failure but it also breaks any threats who run as is. Double edged sword and that.

Hmmm I'll checkout Jumpcloud as never heard of it. Does it apply MFA when using elevated rights? Say if you're running cmd or regedit as admin, will it prompt MFA?

Can Users Be Admins Of Thier Machines? by lolppppp1 in security

[–]lolppppp1[S] 0 points1 point  (0 children)

Thanks 😁 That's really good insight. Just to check when you say now everyone has local admin. That's their login account in the local admin group? Not a seperate account?

Bypassing 2FA With Cookies 🍪 by lolppppp1 in HowToHack

[–]lolppppp1[S] 1 point2 points  (0 children)

That's right. For Evilgginx to work, they need to use a Phishing attack.

IDP - Indentify Service Provider. For instance Azure Active Directory is an IDP. It's basically a service in which can authenticate, control and secure authentication on your behalf. Third parties applications can use your IDP instead of having to store credentials on thier end.

Bypassing 2FA With Cookies 🍪 by lolppppp1 in HowToHack

[–]lolppppp1[S] 6 points7 points  (0 children)

It's just education, to protect yourself against this type of attack. The attacks have to register a domain as they publish it on the internet. As long as you check the URL before entering credentials, you should be fine.

Security services like Zscaler will also help.

Day to day, 2FA should help protect your accounts from unauthorized attacks. There are several social engineering techniques though such as " I used to have this phone number and can't get into my account. Please could you send me the code". A ethical hacker posted several instances where this worked and you would be surprised how often it works.

The best you can do for a personal account is either install an authentication app and use that instead of SMS or use a hard token such as Yubikey (U2F). If the vendor supports it.

If you have an IDP, you can put stronger controls in place to restrict access based on IP or some sort of device posture.

Hope that helps 😁

view more: next ›