I Took Over a Microsoft Cloud Account. Again.

แชร์
ฝัง
  • เผยแพร่เมื่อ 22 ธ.ค. 2024

ความคิดเห็น • 32

  • @GW_Oldie
    @GW_Oldie ปีที่แล้ว +13

    I think the more appropriate question is not 'how do we hack an O365 account' rather, how do we stop this form of attack from working? MS currently only have CA or device registration as options that work to protect a user, but anyone using unregistered devices is basically screwed if that user gets phished. Many small businesses aren't licensed with (and cannot afford) the correct product to implement the security needed and many more, such as charities, have volunteers world-wide that use their own devices. How do these businesses implement CA effectively over such a widely distributed user-base?
    Would it be possible for MS to invalidate MFA tokens if the device isn't MDM registered and the IP address being used for the connection doesn't match the one against which the token was issued ??? I know they can report on this and it shows as Anomalous Token usage in Sentinel

    • @cobyiv
      @cobyiv 11 หลายเดือนก่อน +2

      Not sure about prevent but at my org we have script automation to programmatically audit the unified log and search for M365 log-in IPs that vary in location in a specific time interval . So say a user logs in from IP A but then within a 4-hr window they are logged in to IP A and IP B a notification is sent to us.
      Yes, there are false positives but it has also helped us find some previously unknown compromises.

  • @Manavetri
    @Manavetri ปีที่แล้ว +4

    Your videos are incredible, they never disappoint.
    Thanks for sharing

  • @rogue2shadow
    @rogue2shadow ปีที่แล้ว +2

    I literally stood up and clapped. Well played legend!

  • @Pranks101
    @Pranks101 ปีที่แล้ว +8

    Did you bypass the email spam filter because you were apart of an active user within?

  • @rustystar5338
    @rustystar5338 6 หลายเดือนก่อน

    John Hammond is it possible to hack a outlook account with no password and only with the Microsoft authenticator app, so if you login it send a notification to you app with a number is there also a way to bypass this?

  • @TheBenSanders
    @TheBenSanders ปีที่แล้ว +2

    Damn John, you just keep putting me on a list with these video titles. lmao

  • @leonardofelippine9781
    @leonardofelippine9781 ปีที่แล้ว +1

    Great video as usual.
    Another defense for this attack would be Identity Protection, with controls such as "Impossible travel situation", and Continuous Access Evaluation. Such different signals would probably trigger the defenses and block access

  • @asuramaru6339
    @asuramaru6339 ปีที่แล้ว +1

    idk if i missed something but why is the link in the phishing mail the actual microsoft link , how does this work?

    • @Al-Fisaa
      @Al-Fisaa ปีที่แล้ว

      The phish is not the link but the real remote login capability...the link only relays this(remote login capability) to the attacked

    • @asuramaru6339
      @asuramaru6339 ปีที่แล้ว

      @@Al-Fisaa ok wait … is thos device Code the Remote Login , if he used the wrong Code it would not work. ?

  • @LESLEYYY0
    @LESLEYYY0 ปีที่แล้ว +1

    Do you need special permissions for Send-MailMessage? If not then that's a concern...

    • @scriptkiddie1000
      @scriptkiddie1000 ปีที่แล้ว

      @paulus9660 secondly all good company security has smtp auth disabled for internal users meaning you need to do modernauth smtp to send that email which you cant as you need to satisfy MFA

  • @אריאלבן-צ9ד
    @אריאלבן-צ9ד ปีที่แล้ว

    can you share the powershell script please

  • @webdesignsbytom
    @webdesignsbytom ปีที่แล้ว

    luckily no one uses teams, mail or calendar from them

  • @DavidAlvesWeb
    @DavidAlvesWeb ปีที่แล้ว +1

    not AGAIN!

  • @Al-Fisaa
    @Al-Fisaa ปีที่แล้ว +1

    Clean

  • @CyberDevilSec
    @CyberDevilSec ปีที่แล้ว +1

    badass :)

  • @dydarjadmin
    @dydarjadmin ปีที่แล้ว +2

    🎉🎉🎉🎉🎉🎉🎉😊😊😊😊

  • @danieljordan9004
    @danieljordan9004 11 หลายเดือนก่อน

    I’ve never heard of this before. My logarithm suggested this video for me. I’m sure I’m missing something but why are we teaching people to steal a Microsoft account?

  • @Nailey-h7p
    @Nailey-h7p ปีที่แล้ว

    yoooooooo

  • @TheCyberWarriorGuy
    @TheCyberWarriorGuy ปีที่แล้ว +1

    :)

  • @shortylele2770
    @shortylele2770 ปีที่แล้ว

    third.

  • @Pranks101
    @Pranks101 ปีที่แล้ว

    Second

  • @floor_3d
    @floor_3d ปีที่แล้ว

    first

  • @d_cb
    @d_cb ปีที่แล้ว

    not first :|

  • @scriptkiddie1000
    @scriptkiddie1000 ปีที่แล้ว +2

    Your on Powershell and you use ECHO , Fail ,

  • @rohith9799
    @rohith9799 ปีที่แล้ว

    second

  • @wagidbebar4310
    @wagidbebar4310 ปีที่แล้ว

    second