@Secureworks

@Secureworks

Most recents (2)

@Secureworks just released a threat analysis regarding flaws our team found in #AzureAD Pass-through Authentication (PTA).

secureworks.com/research/azure…

The flaws allow threat actors to:
* Gather credentials
* Login with invalid credentials
* Conduct DoS attacks

1/3

How is this different from previous PTA exploits like #AADInternals PTASpy?
* After the initial compromise of a PTA agent, the exploitation is remote
* Exploitation can't be detected from the Azure portal or logs
* Exploit is persistent

2/3

What can administrators do if they detect a compromised PTA agent?
* Contact Microsoft support to remove the agent

How to protect / prevent?
* Treat all servers with PTA agent as Tier 0

3/3

Read 3 tweets

Dr. Nestori Syynimaa

@DrAzureAD

@Secureworks

This @Secureworks report reveals various APIs that allowed unauthorized access to internal information of any Azure AD tenant.

1/4

secureworks.com/research/azure…

Most are now fixed, but two issues still exists.

First, you can query directory synchronisation status of any Azure AD tenant. This cannot be prevented, but keeping your synchronisation healthy keeps at least error messages away from others.

2/4

Second, the full name of the technical contact can be queried from any Azure AD tenant. This information is given when the tenant was created, and therefore is probably Global Admin.

The name is not shown in any admin portal, so you need contact MS support to change that.

3/4

Read 4 tweets

Discover and read the best of Twitter Threads about #AADInternals

Most recents (2)

Related hashtags

Discover and read the best of Twitter Threads about #AADInternals

Most recents (2)

Related hashtags

Did Thread Reader help you today?