azure Archives - Jean-Christoph von Oertzen

Webinar takeaways: Attack Tactics 8 – Poison the Well

jean-christoph — Thu, 01 Jul 2021 18:27:25 +0000

My key takeaways Bad documents eg with macros enabled in SharePoint? No need to bypass phishing controls anymore! Documents are already trusted by users Difficult to trace M$ SmartLockout is effective to reduce direct attacks FireProx (AWS) or Proxycannon-ng (OpenVPN) can circumvent it unsolicited push notifications to bypass MFA can’t be reported as phish might […]

The post Webinar takeaways: Attack Tactics 8 – Poison the Well appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Getting Started in Pentesting The Cloud – Azure

jean-christoph — Thu, 27 May 2021 18:09:24 +0000

My key takeaways Hybrid environments make cloud to on-prem pivoting possible 3 attack surfaces external: public buckets internal resource access: internal to cloud internal api access: identify vulns via API calls & configuration analysis Azure and O365 are not the same Azure Resouce Manager : Subscriptions and Resources Microsoft Office 365: Productivity O365 accounts get […]

The post Webinar Takeaway: Getting Started in Pentesting The Cloud – Azure appeared first on Jean-Christoph von Oertzen.