Undetected Brute force attacks in Microsoft Azure AD.

Hello World! Recently Security Researchers have released a PoC (proof-of-concept) exploit that allows for username enumeration and password brute-forcing on vulnerable Microsoft Azure servers, more specifically Azure active directory. Is is able to do this by taking advantage of weaknesses that lie within the Autologon mechanism. Let’s do a quick breakdown on some of theseContinue reading “Undetected Brute force attacks in Microsoft Azure AD.”

Operation Layover – Attack campaign against Aviation sector uncovered.

Hello World! I wanted to take a look at a recent phishing campaign that was uncovered after being active for roughly two years, interesting for me as I have studied Aviation operations in the past and have good knowledge of their procedures and practices. So let’s see what we know about this threat actor… TheyContinue reading “Operation Layover – Attack campaign against Aviation sector uncovered.”

Massive Ransom… Contingency planning – Food for Thought #3

Hello World! If you thought I would be talking about the Kaseya supply chain attack, well… If you haven’t read about it yet do a quick google but there is enough already out there about it. I wanted to talk about contingency plans, well, one particular contingency plan that I feel might be overlooked. I’mContinue reading “Massive Ransom… Contingency planning – Food for Thought #3”