Matthieu Garin
Apr 6, 4 tweets, 3 min read
📚 Excellent article on #Phishing techniques targeting #O365 and #Azure🎣 Traditional phishing, device-code authentication, illicit consent grant attacks... it is not easy to make it simple on this topic, and it's the case here! riskinsight-wavestone.com/en/2023/03/ill…
1️⃣ Obviously, the traditional phishing attack is simple to implement in the absence of multi-factor authentication 🔐 We know what to do!
2️⃣ More tricky, the device-code authentication attack: the attacker’s objective is to get the victim to fill in his device code on the Microsoft devicelogin page🔥
3️⃣ Conditional access policies can be used to prohibit suspicious connections from devices not under the control of the company👍
4️⃣ The illicit consent grant attack relies on the ability of an attacker to create an app that requires permission to be granted 💣
5️⃣ The permissions that can be recovered by the attacker during this type of attack depend on the config of the targeted #AzureAD tenant.
6️⃣ Allow only apps approved by admins 👥, limit permissions which can be granted, regularly review rights, limit access to #SharePoint files📜
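Point 6 recommends regularly reviewing which apps users have consented to. The script below is an added example (not from the thread or the linked article) that reviews an export of consent grants and flags the pattern behind an illicit consent grant: a user-consented grant to an unapproved client, or any grant carrying high-risk delegated scopes. Field names follow the shape of Microsoft Graph `oauth2PermissionGrant` objects; the records, client names and the high-risk scope list are constructed for illustration.

```python
"""Review OAuth2 permission grants for signs of an illicit consent grant.

Added example, not from the original thread. Input mimics the shape of
Microsoft Graph `oauth2PermissionGrant` objects (clientId, consentType,
principalId, scope); the records below are constructed sample data.
"""
import json

# Delegated scopes that let an app read or exfiltrate user data once consented.
# Illustrative starting point, not an exhaustive policy.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All",
    "Contacts.Read", "MailboxSettings.ReadWrite", "offline_access",
}

# Constructed export: one admin-approved grant, one user-consented risky grant.
SAMPLE_GRANTS = json.dumps([
    {"id": "g1", "clientId": "sp-approved-crm", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read profile openid"},
    {"id": "g2", "clientId": "sp-unknown-helper", "consentType": "Principal",
     "principalId": "user-1234",
     "scope": "Mail.Read Files.ReadWrite.All offline_access"},
])


def review_grants(grants_json, approved_clients):
    """Return findings for grants an admin should look at.

    A grant is flagged when an individual user consented to it
    (consentType == "Principal") for a client not on the approved list,
    or when it carries any high-risk delegated scope.
    """
    findings = []
    for grant in json.loads(grants_json):
        scopes = set(grant.get("scope", "").split())
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        user_consented = grant.get("consentType") == "Principal"
        unapproved = grant["clientId"] not in approved_clients
        if (user_consented and unapproved) or risky:
            findings.append({
                "grant": grant["id"],
                "client": grant["clientId"],
                "consented_by": grant.get("principalId") or "admin (tenant-wide)",
                "risky_scopes": risky,
                "unapproved_client": unapproved,
            })
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS, {"sp-approved-crm"}):
        print(finding)
```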
More from @matthieugarin

Jan 18
📢 The countdown is on: #DORA compliance is expected by 17th January 2025!

The Digital Operational Resilience Act 🇪🇺 came into effect 2 days ago. Its scope is large: EU-based financial entities (including small startups/fintechs) but also their IT service providers 🏦☁️ 1/6
Some highlights:
1️⃣ A reiteration of top management's responsibility for ICT risk mgmt
2️⃣ A real step up in 3rd party risk mgmt is expected: expectations go beyond contractual measures📋; with critical IT providers placed under industry-wide supervision by the regulator🔎 2/6
3️⃣ Testing, testing and more testing👍! A global approach to be adopted, including advanced, threat-based testing by independent testers...

➡️ Some of our clients have already made good progress in setting up the #Framework and concrete questions are beginning to be asked. 3/6
Dec 21, 2020
⚠️ Beware of the rights granted to #CSP (Cloud Service Providers ☁️) in a #Microsoft environment! A client has just found out, and the experience is not pleasant... [Thread 1/5]
1️⃣ A #CSP partner can request rights 🔄 (Global Admin or Helpdesk Admin... in other words, all or nothing)
2️⃣ The rights can be approved by a Billing Admin, whose job this is not 👤. In other words, often little verification... [2/5]
3️⃣ This is not a joke: the rights do not appear in #AzureAD 🚨 (less experienced auditors will miss them). Worse still: the #CSP can connect to the customer tenant without any particular security measure 🔐 [3/5]
Apr 7, 2020
#Thread ⬇️📝 Defining a #cybersecurity strategy... it was so much simpler in 2010!

The information security master plan (schéma directeur SSI) is the consulting assignment par excellence. But the method for designing one has evolved considerably in 10 years. Let's take advantage of lockdown for a retrospective! (1/6)
In 2️⃣0️⃣1️⃣0️⃣, life was simple. A master plan was produced in a few interviews with the CISO and their team, based on "expert judgement". For the rationale, we relied on an image such as a fortified castle 🏰 or an airport 🛩, which served as a pretext for setting up a SOC, CERT, IPS... (2/6)
Cyber was less fragmented than it is today, and master plans all looked alike.

In 2️⃣0️⃣2️⃣0️⃣, the context has changed. Security is expensive 💵, and proving the effectiveness of one's strategy is essential. Management is sharper, and expert judgement is no longer enough. (3/6)