Discover and read the best of Twitter Threads about #aadinternals

Most recents (2)

@Secureworks just released a threat analysis regarding flaws our team found in #AzureAD Pass-through Authentication (PTA).

secureworks.com/research/azure…

The flaws allow threat actors to:
* Gather credentials
* Login with invalid credentials
* Conduct DoS attacks

1/3
How is this different from previous PTA exploits like #AADInternals PTASpy?
* After the initial compromise of a PTA agent, the exploitation is remote
* Exploitation can't be detected from the Azure portal or logs
* Exploit is persistent

2/3
What can administrators do if they detect a compromised PTA agent?
* Contact Microsoft support to remove the agent

How to protect / prevent?
* Treat all servers with PTA agent as Tier 0

3/3
Read 3 tweets
This @Secureworks report reveals various APIs that allowed unauthorized access to internal information of any Azure AD tenant.

1/4

secureworks.com/research/azure… Image
Most are now fixed, but two issues still exists.

First, you can query directory synchronisation status of any Azure AD tenant. This cannot be prevented, but keeping your synchronisation healthy keeps at least error messages away from others.

2/4
Second, the full name of the technical contact can be queried from any Azure AD tenant. This information is given when the tenant was created, and therefore is probably Global Admin.

The name is not shown in any admin portal, so you need contact MS support to change that.

3/4
Read 4 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!