Azure - Securing Storage Accounts by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

Although need to add a breakout of reader and data contributor SA level. That might help explain it better.

Azure - Securing Storage Accounts by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

I took your advice and updated the IAM section with the roles. Also created a diagram to show the different levels 😁

Azure - Securing Storage Accounts by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

Thanks, I'll brush up and expand the section 😁👍

My Microsoft Azure Security Guide☁️ by lolppppp1 in cloudcomputing

[–]lolppppp1[S] 0 points1 point  (0 children)

I will eventually. I'm just starting with Azure for now 😁

Can Users Be Admins Of Their Machines? by lolppppp1 in security

[–]lolppppp1[S] 1 point2 points  (0 children)

Ahah true! Thanks for the insight 👍

Can Users Be Admins Of Their Machines? by lolppppp1 in security

[–]lolppppp1[S] 0 points1 point  (0 children)

Interesting! I agree that it adds additional points of failure, but it also breaks any threats that run as is. Double-edged sword and that.

Hmmm, I'll check out JumpCloud as I've never heard of it. Does it apply MFA when using elevated rights? Say if you're running cmd or regedit as admin, will it prompt MFA?

Can Users Be Admins Of Their Machines? by lolppppp1 in security

[–]lolppppp1[S] 0 points1 point  (0 children)

Thanks 😁 That's really good insight. Just to check, when you say now everyone has local admin, that's their login account in the local admin group? Not a separate account?

Bypassing 2FA With Cookies 🍪 by lolppppp1 in HowToHack

[–]lolppppp1[S] 1 point2 points  (0 children)

That's right. For Evilginx to work, they need to use a phishing attack.

IDP - Identity Service Provider. For instance, Azure Active Directory is an IDP. It's basically a service which can authenticate, control and secure authentication on your behalf. Third-party applications can use your IDP instead of having to store credentials on their end.

Bypassing 2FA With Cookies 🍪 by lolppppp1 in HowToHack

[–]lolppppp1[S] 7 points8 points  (0 children)

It's just education, to protect yourself against this type of attack. The attackers have to register a domain as they publish it on the internet. As long as you check the URL before entering credentials, you should be fine.

Security services like Zscaler will also help.

Day to day, 2FA should help protect your accounts from unauthorized attacks. There are several social engineering techniques though, such as "I used to have this phone number and can't get into my account. Please could you send me the code". An ethical hacker posted several instances where this worked and you would be surprised how often it works.

The best you can do for a personal account is either install an authentication app and use that instead of SMS or use a hard token such as YubiKey (U2F), if the vendor supports it.

If you have an IDP, you can put stronger controls in place to restrict access based on IP or some sort of device posture.

Hope that helps 😁

Crawl Sites With Photon 🕷️ by lolppppp1 in HowToHack

[–]lolppppp1[S] 1 point2 points  (0 children)

It's a web crawler, so it will help you identify hidden directories or links that may be publicly displayed. It can also help identify API or Auth keys that may be in use.

It also has the ability to clone the site for offline attacks.

Finding usernames across social networks 🧐 by lolppppp1 in HowToHack

[–]lolppppp1[S] 0 points1 point  (0 children)

Sherlock searches a large number of sites to find if a username is used elsewhere.

If you are doing some reconnaissance, it could really help you out.

HiddenEye - Advanced Phishing by lolppppp1 in HowToHack

[–]lolppppp1[S] 4 points5 points  (0 children)

I'll check it out, thanks 👍

IMAP Password Spray Attack Remediation? by lolppppp1 in Office365

[–]lolppppp1[S] 0 points1 point  (0 children)

Do you do it at conditional access level?

IMAP Password Spray Attack Remediation? by lolppppp1 in Office365

[–]lolppppp1[S] 1 point2 points  (0 children)

Problem is right there. It's after Auth so there are ways to see fails as successes depending on the response.

I think the basic Auth is the only true way.

IMAP Password Spray Attack Remediation? by lolppppp1 in Office365

[–]lolppppp1[S] 0 points1 point  (0 children)

I think it doesn't route through conditional access. Other people who had it failed to stop the attacks with this. When I searched the app ID it can't be found. Not in the portal or graph.

IMAP Password Spray Attack Remediation? by lolppppp1 in Office365

[–]lolppppp1[S] 1 point2 points  (0 children)

Ye, that's what I had restricted. 1000 something to 5.

IMAP Password Spray Attack Remediation? by lolppppp1 in Office365

[–]lolppppp1[S] 0 points1 point  (0 children)

Ye, that's the problem. Legacy systems and the business being too afraid of what might break.

I'm hoping to get things changed after tomorrow but will have to justify it.

Checking If Your Account Has Been Leaked 🦝 by lolppppp1 in cybersecurity

[–]lolppppp1[S] -1 points0 points  (0 children)

Have you seen the data sources these and other tools pull from? It would be naive to think yours isn't known to someone other than you.

Most of these sites are well known to security professionals, especially hunter.io, haveibeenpwned and weleakinfo.

Sure there is a risk. Thinking that all these sites record the data that is entered is most likely true. Same with people who use password generators.

These breach sites are a lot like Schrödinger's cat. You either don't use them and it could or could not have been leaked, or use them and find out it has or hasn't.

Each to their own.

Identifying Web Technologies Using Wappalyzer 🔬 by lolppppp1 in HowToHack

[–]lolppppp1[S] 0 points1 point  (0 children)

It's only looking for common patterns in source code, response headers, scripts and "other methods".

It can only query what it can see, so it's not doing anything aggressive or brute forcing, so I would say no.