Bypassing sign-in frequency requirements for Conditional Access on 3rd party clients
Based on recent testing, SIF (sign-in-frequency) enforcement can be bypassed when a refresh token is available for exchange¹ on third party²…
I decided to do a short write-up since I’ve been getting a lot of questions about this attack type originally discovered by…
Malicious KQL Query: A malicious KQL query is an injection technique where an attacker with a targetable workspace resourceID can inject a listener of access…
Background: Not so long ago I was investigating various Azure-related portals, and one of them caught my attention.…



