Monitoring High Risk Azure Logins
Recently in the SOC, we were notified by a partner that they had a potential business email compromise, or BEC. We commonly catch these by identifying suspicious email forwarding rules, […]
Azure
Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365
By Beau Bullock & Steve Borosh TL;DR We built a post-compromise toolset called GraphRunner for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and […]
Impacket Defense Basics With an Azure Lab
Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […]
How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!)
Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain. https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been […]
WEBCAST: RDP Logging Bypass and Azure Active Directory Recon
For this webcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]
Time To Bash on Windows (Bourne Again Shell That Is)
Editor’s Note: This is another awesome guest post from our friend, Robert Schwass. If you’d like to guest post contact us here. Robert Schwass // I had heard the rumors about […]