Undetected Brute force attacks in Microsoft Azure AD.

Hello World! Recently Security Researchers have released a PoC (proof-of-concept) exploit that allows for username enumeration and password brute-forcing on vulnerable Microsoft Azure servers, more specifically Azure active directory. Is is able to do this by taking advantage of weaknesses that lie within the Autologon mechanism. Let’s do a quick breakdown on some of theseContinue reading “Undetected Brute force attacks in Microsoft Azure AD.”

Operation Layover – Attack campaign against Aviation sector uncovered.

Hello World! I wanted to take a look at a recent phishing campaign that was uncovered after being active for roughly two years, interesting for me as I have studied Aviation operations in the past and have good knowledge of their procedures and practices. So let’s see what we know about this threat actor… TheyContinue reading “Operation Layover – Attack campaign against Aviation sector uncovered.”

Massive Ransom… Contingency planning – Food for Thought #3

Hello World! If you thought I would be talking about the Kaseya supply chain attack, well… If you haven’t read about it yet do a quick google but there is enough already out there about it. I wanted to talk about contingency plans, well, one particular contingency plan that I feel might be overlooked. I’mContinue reading “Massive Ransom… Contingency planning – Food for Thought #3”

Android apps caught stealing Facebook Passwords. Removed from Play store.

Hello World! Google have recently announced they have removed 9 apps which were harvesting users Facebook credentials, estimating it to affect 5.8 million users. The list of apps are as follows – PIP Photo (>5,000,000 installs) Processing Photo (>500,000 installs) Rubbish Cleaner (>100,000 installs) Horoscope Daily (>100,000 installs) Inwell Fitness (>100,000 installs) App Lock KeepContinue reading “Android apps caught stealing Facebook Passwords. Removed from Play store.”

Let’s talk about Windows 11 – Food for thought #2

Hello world! I might have included this before, or made a brief summary however this topic will be a work in progress and I will post much more talking about Windows 11. As new things come to light or new discoveries are made I will talk about these and more specifically their impact on securityContinue reading “Let’s talk about Windows 11 – Food for thought #2”

Crypto waning in an open-source, eco friendly world.

Hello world! Nothing particularly important to mention today, Google has patched yet another 0-day vulnerability in their Chrome browsers, so updating your browser is an important thing to do. However crypto prices and “hype” will be todays topic, as they are increasingly in decline. Law enforcement are able to track much of the crypto-currency obtainedContinue reading “Crypto waning in an open-source, eco friendly world.”

Credential marketplace shut down by FBI.

Hello world! This news isn’t the newest but occurred within the past fortnight, so you may have already heard. Slilpp marketplace was a significant marketplace where mostly illegally obtained credentials (emails, phone numbers, passwords etc etc.) were sold freely for nearly 10 years. “Authorities from four countries shut down an online marketplace where vendors soldContinue reading “Credential marketplace shut down by FBI.”