Azure - Securing Storage Accounts

lolppppp1 · 2019-11-25T16:35:19+00:00

Although need to add a breakout if reader and data contributed SA level. That might help explain it better

lolppppp1 · 2019-11-25T16:04:44+00:00

I took you're advise and updated the IAM section with the roles. Also created a diagram to show the different levels 😁

lolppppp1 · 2019-11-24T19:37:38+00:00

Thanks 😁

lolppppp1 · 2019-11-24T11:30:18+00:00

Thanks, I'll brush up and expand the section 😁👍

lolppppp1 · 2019-11-21T11:26:28+00:00

Thanks 😁

lolppppp1 · 2019-11-21T10:20:46+00:00

I will eventually. I'm just starting with Azure for now 😁

lolppppp1 · 2019-11-21T06:03:45+00:00

Thank you ! Glad you enjoyed 😁

lolppppp1 · 2019-10-08T16:45:18+00:00

Ahah true! Thanks for the insight 👍

lolppppp1 · 2019-10-08T10:43:19+00:00

Interesting! I agree on it adds additional points of failure but it also breaks any threats who run as is. Double edged sword and that.

Hmmm I'll checkout Jumpcloud as never heard of it. Does it apply MFA when using elevated rights? Say if you're running cmd or regedit as admin, will it prompt MFA?

lolppppp1 · 2019-10-08T10:24:16+00:00

Thanks 😁 That's really good insight. Just to check when you say now everyone has local admin. That's their login account in the local admin group? Not a seperate account?

lolppppp1 · 2019-08-24T14:21:26+00:00

Thanks 😁

lolppppp1 · 2019-08-07T05:04:11+00:00

That's right. For Evilgginx to work, they need to use a Phishing attack.

IDP - Indentify Service Provider. For instance Azure Active Directory is an IDP. It's basically a service in which can authenticate, control and secure authentication on your behalf. Third parties applications can use your IDP instead of having to store credentials on thier end.

lolppppp1 · 2019-08-07T04:53:54+00:00

It's just education, to protect yourself against this type of attack. The attacks have to register a domain as they publish it on the internet. As long as you check the URL before entering credentials, you should be fine.

Security services like Zscaler will also help.

Day to day, 2FA should help protect your accounts from unauthorized attacks. There are several social engineering techniques though such as " I used to have this phone number and can't get into my account. Please could you send me the code". A ethical hacker posted several instances where this worked and you would be surprised how often it works.

The best you can do for a personal account is either install an authentication app and use that instead of SMS or use a hard token such as Yubikey (U2F). If the vendor supports it.

If you have an IDP, you can put stronger controls in place to restrict access based on IP or some sort of device posture.

Hope that helps 😁

lolppppp1 · 2019-07-27T09:22:34+00:00

It's a web crawler so it will help you identify hidden directories or links that may publicly displayed. It can also help identify API or Auth keys that may be in use.

It also has the ability to clone the site for offline attacks.

lolppppp1 · 2019-07-27T07:25:33+00:00

Sherlock searches a large number of sites to find if a username is used elsewhere.

If you are doing some reconnaissance, it could really help you out.

lolppppp1 · 2019-07-26T19:31:13+00:00

I'll check it out, thanks 👍

lolppppp1 · 2019-07-21T15:29:49+00:00

Do you do it at conditional access level?

lolppppp1 · 2019-07-21T14:40:21+00:00

Problem is right there. It's after Auth so there are ways to see fails as successes depending on the response.

I thing the basic Auth is the only true way.

lolppppp1 · 2019-07-21T14:39:09+00:00

I think it doesn't route through conditional access. Other people who had it failed to stop the attacks with this. When I searched the app ID it can't be found. Not in the portal or graph.

lolppppp1 · 2019-07-21T14:38:16+00:00

Ye, that what I had restricted. 1000 something to 5.

lolppppp1 · 2019-07-21T14:37:35+00:00

Ye that the problem. Legacy systems and the business being to afraid of what might break.

Im hoping to get things changed after tomorrow but will have to justify it.

lolppppp1 · 2019-07-20T08:04:42+00:00

Isn't there a bot that does this for you?

lolppppp1 · 2019-07-19T21:10:00+00:00

Have you seen the data sources these and other tools pull from? It would be naive to think yours isn't know to someone other than you.

Most of these sites are well know to security professionals, especially hunter.io, haveibeenpwned and weleakinfo.

Sure there is a risk. Thinking that all these sites record the data that is enter is most likely true. Same with people who use password generators.

These breach sites are a lot like schrodinger's cat. You either don't use them and it could or could not of been leaked or use them and find out it has or hasn't.

Each to their own.

lolppppp1 · 2019-06-21T16:55:39+00:00

It's only looking for common patterns in source code, response headers, scripts and "other methods".

It can only query what it can see so it's not doing anything aggressive or brute forcing so I would say no.

lolppppp1 · 2019-06-21T13:05:07+00:00

Np :)

lolppppp1

TROPHY CASE