Category: Uncategorized
Microsoft Cloud Security Research – Public Disclosure – Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account
Background Not so long ago I was investigating various Azure related portals, and one of them caught my attention. Read more
Add user as reader to Azure DevOps projects
Go to https://dev.azure.com/yourOrgHere/_settings/users and use 'add new users'. Select project readers as group, and access level basic if you... Read more
First line of defence – Review Azure AD Gaps in Conditional Access with Log Analytics / Azure Sentinel
Background It is highly recommended, especially (at a time like this), to ensure you are not giving easy access to your... Read more
MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022
I decided to post a short write-up on this MSRC case as this case was the first one I worked with... Read more