I Took Over a Microsoft Cloud Account. Again.

Рет қаралды 105,786

6 ай бұрын

jh.live/wiz || Get the big picture of your security posture across your entire cloud environment with Wiz and their Cloud Native Application Protection Platform: jh.live/wiz
Free Cybersecurity Education and Ethical Hacking
🔥KZfaq ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware

Пікірлер: 31

@GW_Oldie 6 ай бұрын

I think the more appropriate question is not 'how do we hack an O365 account' rather, how do we stop this form of attack from working? MS currently only have CA or device registration as options that work to protect a user, but anyone using unregistered devices is basically screwed if that user gets phished. Many small businesses aren't licensed with (and cannot afford) the correct product to implement the security needed and many more, such as charities, have volunteers world-wide that use their own devices. How do these businesses implement CA effectively over such a widely distributed user-base? Would it be possible for MS to invalidate MFA tokens if the device isn't MDM registered and the IP address being used for the connection doesn't match the one against which the token was issued ??? I know they can report on this and it shows as Anomalous Token usage in Sentinel

@cobyiv 4 ай бұрын

Not sure about prevent but at my org we have script automation to programmatically audit the unified log and search for M365 log-in IPs that vary in location in a specific time interval . So say a user logs in from IP A but then within a 4-hr window they are logged in to IP A and IP B a notification is sent to us. Yes, there are false positives but it has also helped us find some previously unknown compromises.

@Manavetri 6 ай бұрын

Your videos are incredible, they never disappoint. Thanks for sharing

@Pranks101 6 ай бұрын

Did you bypass the email spam filter because you were apart of an active user within?

@rogue2shadow 6 ай бұрын

I literally stood up and clapped. Well played legend!

@leonardofelippine9781 6 ай бұрын

Great video as usual. Another defense for this attack would be Identity Protection, with controls such as "Impossible travel situation", and Continuous Access Evaluation. Such different signals would probably trigger the defenses and block access

@JSRJS 6 ай бұрын

Thinking a hardware key would be better choice (ie Yubi) to provide another layer of auth.

@TheBenSanders 6 ай бұрын

Damn John, you just keep putting me on a list with these video titles. lmao

@asuramaru6339 6 ай бұрын

idk if i missed something but why is the link in the phishing mail the actual microsoft link , how does this work?

@Cumander1 6 ай бұрын

The phish is not the link but the real remote login capability...the link only relays this(remote login capability) to the attacked

@asuramaru6339 6 ай бұрын

@@Cumander1 ok wait … is thos device Code the Remote Login , if he used the wrong Code it would not work. ?

@LESLEYYY0 6 ай бұрын

Do you need special permissions for Send-MailMessage? If not then that's a concern...

@scriptkiddie1000 6 ай бұрын

@@paulus9660 secondly all good company security has smtp auth disabled for internal users meaning you need to do modernauth smtp to send that email which you cant as you need to satisfy MFA

@webdesignsbytom 6 ай бұрын

luckily no one uses teams, mail or calendar from them

@user-wq8cc3kq6y 6 ай бұрын

can you share the powershell script please

@DavidAlvesWeb 6 ай бұрын

not AGAIN!

@Cumander1 6 ай бұрын

Clean

@cyberdevil657 6 ай бұрын

badass :)

@user-ow5nk3po3d 6 ай бұрын

yoooooooo

@dydarjadmin 6 ай бұрын

🎉🎉🎉🎉🎉🎉🎉😊😊😊😊

@TheCyberWarriorGuy 6 ай бұрын

@shortylele2770 6 ай бұрын

third.

@Pranks101 6 ай бұрын

Second

@wagidbebar4310 6 ай бұрын

second

@d_cb 6 ай бұрын

not first :|

@floor_3d 6 ай бұрын

first

@danieljordan9004 5 ай бұрын

I’ve never heard of this before. My logarithm suggested this video for me. I’m sure I’m missing something but why are we teaching people to steal a Microsoft account?