I Took Over a Microsoft Cloud Account. Again.
Рет қаралды 107,105
Күн бұрын
@rogue2shadow Жыл бұрын
I literally stood up and clapped. Well played legend!
@GW_Oldie Жыл бұрын
I think the more appropriate question is not 'how do we hack an O365 account' rather, how do we stop this form of attack from working? MS currently only have CA or device registration as options that work to protect a user, but anyone using unregistered devices is basically screwed if that user gets phished. Many small businesses aren't licensed with (and cannot afford) the correct product to implement the security needed and many more, such as charities, have volunteers world-wide that use their own devices. How do these businesses implement CA effectively over such a widely distributed user-base? Would it be possible for MS to invalidate MFA tokens if the device isn't MDM registered and the IP address being used for the connection doesn't match the one against which the token was issued ??? I know they can report on this and it shows as Anomalous Token usage in Sentinel
@cobyiv Жыл бұрын
Not sure about prevent but at my org we have script automation to programmatically audit the unified log and search for M365 log-in IPs that vary in location in a specific time interval . So say a user logs in from IP A but then within a 4-hr window they are logged in to IP A and IP B a notification is sent to us. Yes, there are false positives but it has also helped us find some previously unknown compromises.
@Manavetri Жыл бұрын
Your videos are incredible, they never disappoint. Thanks for sharing
@Pranks101 Жыл бұрын
Did you bypass the email spam filter because you were apart of an active user within?
@TheBenSanders Жыл бұрын
Damn John, you just keep putting me on a list with these video titles. lmao
@rustystar5338 7 ай бұрын
John Hammond is it possible to hack a outlook account with no password and only with the Microsoft authenticator app, so if you login it send a notification to you app with a number is there also a way to bypass this?
@asuramaru6339 Жыл бұрын
idk if i missed something but why is the link in the phishing mail the actual microsoft link , how does this work?
@Al-Fisaa Жыл бұрын
The phish is not the link but the real remote login capability...the link only relays this(remote login capability) to the attacked
@asuramaru6339 Жыл бұрын
@@Al-Fisaa ok wait … is thos device Code the Remote Login , if he used the wrong Code it would not work. ?
@leonardofelippine9781 Жыл бұрын
Great video as usual. Another defense for this attack would be Identity Protection, with controls such as "Impossible travel situation", and Continuous Access Evaluation. Such different signals would probably trigger the defenses and block access
@LESLEYYY0 Жыл бұрын
Do you need special permissions for Send-MailMessage? If not then that's a concern...
@scriptkiddie1000 Жыл бұрын
@paulus9660 secondly all good company security has smtp auth disabled for internal users meaning you need to do modernauth smtp to send that email which you cant as you need to satisfy MFA
@אריאלבן-צ9ד Жыл бұрын
can you share the powershell script please
@webdesignsbytom Жыл бұрын
luckily no one uses teams, mail or calendar from them
@Al-Fisaa Жыл бұрын
Clean
@DavidAlvesWeb Жыл бұрын
not AGAIN!
@dydarjadmin Жыл бұрын
🎉🎉🎉🎉🎉🎉🎉😊😊😊😊
@CyberDevilSec Жыл бұрын
badass :)
@TheCyberWarriorGuy Жыл бұрын
:)
@Nailey-h7p Жыл бұрын
yoooooooo
@Pranks101 Жыл бұрын
Second
@floor_3d Жыл бұрын
first
@shortylele2770 Жыл бұрын
third.
@d_cb Жыл бұрын
not first :|
@danieljordan9004 Жыл бұрын
I’ve never heard of this before. My logarithm suggested this video for me. I’m sure I’m missing something but why are we teaching people to steal a Microsoft account?
@scriptkiddie1000 Жыл бұрын
Your on Powershell and you use ECHO , Fail ,
@rohith9799 Жыл бұрын
second
@wagidbebar4310 Жыл бұрын
second
Холли Лолли Live
Рет қаралды 4,7 МЛН
CNBC Television
Рет қаралды 494 М.
CNBC Television
Рет қаралды 212 М.