OneDrive to Enum Them All

THIS POST WAS WRITTEN BY @NYXGEEK

Greetings fellow hackers,

Today we’ll be diving into the topic of user enumeration via OneDrive. I wrote a blog post on this topic a few years back when I first identified the technique. Since then, I’ve learned more about it, and the onedrive_enum.py tool has been updated and is more…

The post OneDrive to Enum Them All appeared first on TrustedSec.


Hacking Your Cloud: Tokens Edition 2.0

Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of getting JWT tokens, but one (1) of the primary ways is through phishing. In this blog, we are going to explore strategies on gaining maximum efficiency with Office tokens, different…

The post Hacking Your Cloud: Tokens Edition 2.0 appeared first on TrustedSec.


Top 5 Things That Will Land an Attacker in the Azure Cloud

1. Misconfigured Cloud Infrastructure

What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments.

How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold…

The post Top 5 Things That Will Land an Attacker in the Azure Cloud appeared first on TrustedSec.


How Threat Actors Use OneNote to Deploy ASyncRAT

See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and…

The post How Threat Actors Use OneNote to Deploy ASyncRAT appeared first on TrustedSec.


New Attacks, Old Tricks: How OneNote Malware is Evolving

1 Analysis of OneNote Malware

A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun to look at a sample. It turns out there are a lot of similarities between embedding malicious code into a OneNote document and the old macro/VBA techniques for Office…

The post New Attacks, Old Tricks: How OneNote Malware is Evolving appeared first on TrustedSec.


2023 Resolutions for Script Kiddies

Introduction

2022 was a tough year. It seemed like no one was safe. Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Okta, Uber—and those were just some of Lapsus$’s breaches. What’s a Script Kiddie to do to be better protected in 2023?

Another year in the books, and it was another big year for cybersecurity. While 2022 did…

The post 2023 Resolutions for Script Kiddies appeared first on TrustedSec.


Auditing Exchange Online From an Incident Responder’s View

Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this…

The post Auditing Exchange Online From an Incident Responder’s View appeared first on TrustedSec.


Real or Fake? How to Spoof Email

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

The post Real or Fake? How to Spoof Email appeared first on TrustedSec.
