NO-BREAK SPACE unicode characters in the display name are not something your average M365 users use. So better look into #Teams chat messages from those users. #SecurityTip #KQL github.com/f-bader/AzSent…

❗️❗️❗️Important notification for Endpoint Admins ❗️❗️❗️ Impacts both win32 apps and scripts in Intune. Unfortunate timing combined with a very late notification - surely this could have been handled differently ... #microsoft #intune

A good reminder that Defender for Identity is NOT Defender for Active Directory or Domain Controllers. It will help you protect your identities at multiple places.

It's the last day of 2024 🎉 We're going to introduce you again to Microsoft 365. How to set up and manage an Intune environment. This playlist has been very helpful for our team, helping us train new members quickly. We hope it serves you... youtube.com/playlist?list=… HNY✨

I'm not sure who put this site together, but this PingCastle cheat sheet is awesome. If you're a PingCastle fan, definitely something to check out... pentesting.site/cheat-sheets/p… If anyone knows who this site belongs to, let me know so I can give a proper shout out!

This is really big at the moment and you should absolutely be looking at your M365 logs to identify this activity. speartip.com/fasthttp-used-… We're observing a large number of IPs involved after successful authentication, but a common IP is 113.23.43[.]76 CC:Huntress

I came up with a great workaround for not getting TenantAdmin alerts unless you've activated eligible roles in PIM! 🔥 I love Merill Fernando's use of plus addressing on admin accounts so we get alerts sent to our regular accounts, but it only works when roles are active So what do?

ManageEngine is hosting a FREE training with a certificate for their device management solution! This is for anyone interested in learning about IT service management and security. Register here manageengine.com/products/deskt…

Tech is expensive fr ✨️

Windows Server Reminder: Always Set the Network Location Awareness Service to Automatic (Delayed). That guarantees the service does not do its poll before the network stack is initialized putting the Windows Firewall into a limp lockdown mode with the Public Profile indicated.

Another Free Microsoft certification for security professionals. introducing SC-401 As usual, it's for fastest fingers only techcommunity.microsoft.com/blog/Microsoft…

To people who don't know M365: Entra ID Exchange Online + Protection Defender Suite of tools (there are at least 10 different ones) Teams SharePoint OneDrive Purview (8 more tool suites with different functionalities) Admin Center Apps Admin Center Intune Power Platform It

Regarding the BlackBasta leaks: we haven't reviewed them in totality yet. It's quite a bit of messages in JSON format. It also has some Russian slang which makes it difficult to translate accurately. Thankfully there are some native Russian speakers who have made some interesting

New blog post: Easier managing account management modes for Windows LAPS petervanderwoude.nl/post/easier-ma… #MSIntune #Intune #EMS #MDM #Windows11 #WindowsLAPS #AccountManagement

Please ask all your admins to watch! Microsoft will be rolling out the policy as Microsoft Managed soon. This is not like AITM. It doesn't not matter if users have phishing resistant auth. Federation does not matter. This provides long term persistent access without MFA.

In the past, you had to: phish a user, drop malware, escalate privileges, pivot to servers, evade EDR, dump creds, move laterally, exfiltrate quietly, clean up, leave a backdoor. Today, you just: phish a user, steal an OAuth token, access everything from anywhere. Cloud

We've been doing a deep dive into threat modeling recently. You should check this out if you're starting out in threat modeling. youtube.com/playlist?list=…

Remote Desktop Services RemoteApps RSS: The Seamless and Secure User Experience RDS has a RSS Feed built-in (pic 1). That feed is virtually device agnostic meaning _any_ device with a RDS App can hook into them. The RSS feed gets updated automatically at midnight every day. All

Delegated permissions in Active Directory: silent but deadly 💩💨🤢 For example: Some random user with “FullControl” of the Domain Controllers OU Nessus didn’t find it… The IT team didn’t know it was there… It wasn’t discovered on past pentests… 🧵I found it almost

… or steal your credentials or extract tokens from processes that grant access to cloud services