Control Tower Pivoting Using the Default Role

Introduction

The cloud security landscape for AWS has continued to evolve each year to become a complex set of products and best practices with the goal of maintaining a mature security posture. AWS Organizations was released in 2017[1] and has been a major solution to aid in managing the multi-account AWS environment that the cloud…

The post Control Tower Pivoting Using the Default Role appeared first on TrustedSec.


Windows LAPS: Closing a Gap for Cloud-Native Device Management

1 TLDR;

Microsoft is releasing an Azure AD-integrated, built-in LAPS agent for Windows 10 and Windows 11 that can be controlled by Intune.

1.1 Problem Statement

Migrating Windows endpoints to Intune-only management left gaps in controllable settings. An alternative to the traditional Local Administrator Password Solution (LAPS) in an on-premises domain has been a primary…


Better Hacking Through Cracking: Know Your Rules

THIS POST WAS WRITTEN BY @NYXGEEK

Intro

Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. So where are these rules anyway?…


Top 5 Things That Will Land an Attacker in the Azure Cloud

1. Misconfigured Cloud Infrastructure

What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing web servers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold…


Azure AD Kerberos Tickets: Pivoting to the Cloud

If you’ve ever been doing an internal penetration test where you’ve reached Domain Admin status and the organization has a cloud presence, its entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…


Auditing Exchange Online From an Incident Responder’s View

Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this…


A Primer on Cloud Logging for Incident Response

Overview

This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level, cloud-based incidents can be categorized into host-based compromises (that is, compromises primarily involving virtual machines hosted in the cloud) and identity-based or resource-based compromises (compromises primarily involving cloud-native…


Common Conditional Access Misconfigurations and Bypasses in Azure

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses…


Defending the Gates of Microsoft Azure With MFA

Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from…
