Some basic cybersecurity background - P1: Identifying malware
In the last few days I have seen some fairly rampant and common internet malware spreading, so I am writing a dedicated article to discuss the problem.
A special note: because of the nature of this article, it is placed in the public domain, meaning all rights to it are waived worldwide, so anyone may repost or republish it in any form.
Of course, if you could keep a link pointing back to this article, then
As more organizations move to hardware tokens and password-less authentication (e.g. YubiKeys, Windows Hello for Business, ...), attackers will look for other ways to trick users into granting access to their data.
One novel phishing technique uses the OAuth2 Device Authorization Grant.
This post describes how it works, using Microsoft AAD as the example.
Attacker initiates the phishing flow
The attacker starts a Device Code flow by issuing a request to the device code endpoint (e.g. https://login.microsoftonline.com/{tenant}.onmicrosoft.com/oauth2/v2.0/devicecode).
Misconfigurations in MFA setups are not uncommon with AAD, especially when federation or Pass-through Authentication is configured; I have seen MFA bypass opportunities in multiple production tenants.
A common misconfiguration is that MFA is enforced at the federated identity provider but not at AAD itself, so ROPC authentication still succeeds directly against AAD.
To learn more about ROPC, check out the previous post about the topic.
This post focuses on the ropci features that can be leveraged post-exploitation.