How Hackers Persist & Privesc in Microsoft 365

Views: 40,167

John Hammond

1 day ago

jh.live/altere... || Black Friday Sale! Get 20% off Altered Security training for Active Directory & Entra ID penetration testing and get certified! jh.live/altere...
Learn Cybersecurity with Just Hacking Training: justhacking.com
Learn Coding: jh.live/codecr...
Don't listen to other "influencer" VPN crap -- host YOUR OWN: jh.live/openvpn

Comments: 68
@MatazaNz 1 month ago
Great, eye-opening video as always John. I manage multiple Entra ID tenants, and will be locking this behaviour down. I might add Graph Runner to my toolset for testing tenant vulnerabilities to illustrate why these things should be locked down.
@simple-security 1 month ago
Defender's summary: PIM, PIM for groups, conditional access, access reviews FTW. (And the user settings you mentioned at 25:15) Thanks John!
@muzso 1 month ago
About whether it's "necessary" that users can invite guests into the tenant ... If your users want to add somebody from outside the organization to an O365 Teams team (which is a common collaboration requirement), they have to add that person as a guest to their organization's tenant. So usually the "Member users and users assigned ... can invite guest users ..." is selected as a more restrictive setting than the default "Anyone".
@nicholasmartinez7011 1 month ago
I was just working on a project to harden our tenant and we were unable to create a dynamic group that had admin privileges. I was frustrated by this as we have hundreds of admins I have to manage and I have to assign admins to these groups manually, but after seeing this I now understand why Microsoft does not allow this. Great video!
@markc6714 1 month ago
I might be a dinosaur but I firmly believe that security should not be dynamic, and users should not be able to join or manage their group access
@c1ph3rpunk 1 month ago
So long as there is a defined set of permissions on the group, what objects it can apply to and has PIM with approval behind it, being able to gain new privs, on the fly, and can be dropped automatically, helps.
@ahmadmansour1171 1 month ago
Well, I am new to Entra and Azure, can you elaborate why?
@maaikevreugdemaker9210 1 month ago
I think it is fine to defer authority to users to things like SharePoint sites, Teams or Power BI workspaces as long as it's limited to your directory, right?
@richieMP118 1 month ago
imo it's good to have more options, and in some environments it might be necessary, the issue here is that low privilege users might still have a lot of privileges by default, user accounts should have the minimal amount of permissions unless explicitly set by an admin
@bolivianPsyOp 1 month ago
I think, as with all things, it depends on your threat model and specific org.
@mohdcom25 1 month ago
John is one of the legends in Cybersecurity
@dagobert6420 1 month ago
Another good entry point is the enterprise apps settings in Azure. By default all users are able to register those enterprise apps and also able to grant permissions to them.
@Duder-y5o 1 month ago
This guy gets it
@CF39D4FB4A 1 month ago
100% And too many people seem completely unaware of them
@50PullUps 1 month ago
Are you sure about that? You’re saying that non-admin users (meaning an account that holds no active role assignments) are capable of applying a role permission to an enterprise app? All users are capable by default of *consenting* to the delegation of permissions to an enterprise app… but the user account must already have had those permissions assigned in the first place.
@bolivianPsyOp 1 month ago
This is also my understanding but I haven’t toyed around in those menus from a non privileged account
@whysoserious.5723 1 month ago
Could you explain this further? How has a normal user these rights and how can he practically use it?
@gat2871 1 month ago
Beautiful! As always, super clear and fun to watch. Thank you!
@SzymekCRX 1 month ago
That was a good one. Actually checked that in my company's Azure tenant. Thank You :)
@eddie79it1 7 days ago
What to say... thanks for the continuous showcase that is helping understand how the attacks can be done.
@Sam_Bent 1 month ago
Another great video, great work John!
@chrisalupului 1 month ago
Appreciate the video John 👍
@Ptysolution 1 month ago
I love this guy, he is a good teacher and mentor
@armymdc4 1 month ago
So, what is to say that the attacker can run a powershell script and not get picked up by the SOC? I guess if we are talking smaller organizations this should get by. Just ramblin
@PeterswoLP 1 month ago
I watched this as a sysadmin trying to protect. Glad to be protected from these shenanigans
@yavuz5458 1 month ago
I watched like a horror movie. It is unbelievable what a hacker can do
@AlexTsaava 1 month ago
Thank you so much, you probably made me a lot better in cyber security ❤❤ I even watched your 12 year old videos 😊
@C.ClaytonJones-d8e 21 days ago
Hi. I have evidently been hacked by someone who really dislikes me and is determined to not let my system run my way. They install vms, several Intel xtu devices, use the printer server and remote desktop. I suspected it may be near me but I need to make sure. I also need to stop them. Any ideas?
@immersiveinment 1 month ago
While I was downloading the aurora lite as you said in one of your videos...using brave browser, the browser showed me like "virus detected", am I hacked ...John? It all happened while downloading the aurora lite version on my laptop..
@Pumbafb 24 days ago
I’ve finished my Cert IV in cyber security. I would like to be a pen tester or a cyber security analyst. What do I do now?
@tmac9208 1 month ago
and why you need to do audits of groups/folders/files/users routinely
@tmac9208 1 month ago
? Does the icon look any different or the type column say dynamic.. rule here is don't use dynamic groups.. yup
@TELL_ME_WHY_NOT 1 month ago
Thanks John
@jytan740 1 month ago
another microsoft "feature" that is exploited
@johngoodbrake7056 1 month ago
Doing this to my boss. Hold my beer
@uncleburu9464 1 month ago
Wow this must be interesting
@Zachsnotboard 1 month ago
is there still no way to set up a m365 sandbox anymore ?
@dagobert6420 1 month ago
Unfortunately Microsoft has stopped the test-tenant feature for dev accounts. What you can do is register for a trial E3 license, and when you have created the tenant and it asks you for a credit card you can abort the process and the tenant is still created and usable (but without licenses)
@Zachsnotboard 1 month ago
@dagobert6420 ooo thank you, I have been looking for a solution
@srikeshmaharaj 1 month ago
John, John, John....
@pswalia2u 1 month ago
Feedback: Satisfied with persistence 🤣
@RichDOTDOTcom 22 days ago
I'm interested to find out how to see what events are triggered on the victim side, anyone else tried looking at this from a logging perspective?
@CalinMartinconi 1 month ago
Your title `How Hackers Persist & Privesc in Microsoft 365`, is `Privesc` an English word? For sure it is a Romanian one.
@c1ph3rpunk 1 month ago
It’s a combination of words, ‘Privilege Escalation’, common shorthand in security.
@benardtera1090 1 month ago
Let me go through this
@srikeshmaharaj 1 month ago
Finally...
@nigellawrence7173 1 month ago
John, I love it
@roxyu3384 1 month ago
How would someone so stupid to create a dynamic group for admins?!
@Fisjeie 1 month ago
type shii ✍️
@innxrmxst2207 1 month ago
12:32
@lxn7404 1 month ago
How could this be a default behavior 🎉 sometimes I wonder if devs smoke weeds at Microsoft
@UkashaHacksCommunity 1 month ago
First commenter. Thanks
@carsonjamesiv2512 1 month ago
😃👍👍
@brewdir 1 month ago
These default configurations are sooooooooooooooo dumb lol
@CristiNeagu 1 month ago
This title is very confusing to Romanians...
@iamwitchergeraltofrivia9670 1 month ago
So dumb windows and Microsoft
@oussamasky1 1 month ago
First
@chesthoIe 1 month ago
No, Dick. People count sheep to try and sleep. Is dreaming about sheep even much of a thing, possibly outside some sleepy shepherd circles?
@rsinistic 1 month ago
Highlights the importance of RBAC and PIM .
@LinuxJedi 1 month ago
maybe record both screens?