If you’ve deployed multifactor authentication (MFA) at an enterprise scale, you’ll know it can be fraught with challenges. You may need to deploy to individual departments, or perhaps take a phased approach and deploy in traches. However you end up deciding to do your MFA rollout, you will likely need to specify a target group,…
Category: Cybersecurity
OSINT – Find Similar Images on the Web
I recently had a unique challenge present itself. A local had shared a screenshot of an image in a social media group I am in. I had the suspicion that this screenshot might have been the entrance to some local caves that I had been to previously. However, since that photo was taken, these caves…
PowerShell – Execute Scriptblock as Current User
Here’s a script I’ve put together that will retrieve the current user sessions from a remote host using psexec.exe. Then, it executes a scriptblock using the current user session context. Simple, but very powerful. I would suggest not running this in an enterprise environment if you would like to stay in your security team’s good…
Cloud – Search and Destroy Malicious Emails From End Users’ G-Suite Mailboxes
If you are using managing an enterprise, you will undoubtedly encounter malicious emails targeting your end users. Ideally, you could delete these messages from within your end users’ mailboxes. Normally, this is a premium feature, but if you have configured your G-Suite environment to use PSGSuite, it can be accomplished with some pretty basic scripting….
Cloud – Synchronizing Disablements Between Federated Domains (Azure, Google)
When configuring provisioning between Azure and Google federated domains, you will likely reference Microsoft’s documentation on configuring their canned provisioning Enterprise Application at https://learn.microsoft.com/en-us/entra/identity/saas-apps/g-suite-provisioning-tutorial. There is more information here as well: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal. The procedure outlined here will get you started- however, you will quickly realize that disablements are not synchronizing between the two platforms. I…
Linux – Configure Debian to Authenticate w/ Active Directory
A unique problem recently presented itself- how to allowing multiple users to access a Linux VM in a secure fashion. Generic user accounts seemed like a poor idea to me, as they would likely end up being mismanaged. And shared accounts are, of course, a terrible idea. So, what to do? Well, I am, of…
Azure – Malicious Authentication Emulation and Mitigation
The attack surface of a cloud tenant should get a lot of consideration. It is important to understand that some legacy protocols, like SMTP, are not capable of accommodating multifactor authentication; and, although they are largely being deprecated, we may still see them in use. Attackers are particularly fond of these legacy protocols, as they…
Thoughts on Obfuscation of Botnet C2 Communications
This afternoon, while mountain biking, I was listening to a cybersecurity podcast about botnets. The gentleman on the episode was discussing detection of unknown botnets by looking at recurring patterns from the level of a dynamic DNS provider. A provider like this has incredible insight into web traffic on a global scale. The man described…