Published On Dec 22, 2020
I will go over the recent NSA document and break down the various methods an adversary would try in order to compromise your on-premises environment and gain access to your cloud resources. I will also give a brief intro to identity for folks who need a quick recap.
00:00:00 - Intro
00:01:40 - Intro to Azure Authentication Methods
00:02:57 - Method 1 - Password Hash Sync
00:06:02 - Method 2 - Pass-through authentication
00:09:38 - Method 3 - Federation
00:11:40 - NSA TTP #1 - Method 1 - Forge Trusted Auth Tokens
00:13:28 - NSA TTP #1 - Method 2 - Add bad federated trust relationship
00:15:40 - NSA TTP #2 - Use Global admin to assign SPN creds
00:18:15 - NSA Recommendations
00:22:49 - 4 Principles to secure org from on-premises attacks
Solarwinds Breach | Animated Solarwinds Breach Attack Flow - EP1
• SolarWinds Breach | Protecting from o...
Solarwinds Breach | UCG is formed and CISA release a free tool - Sparrow.ps1 | EP3
• Solarwinds Breach Update | UCG is for...
Security Things Playlist
• Security Things
NSA - Detecting Abuse of Authentication Mechanisms
https://media.defense.gov/2020/Dec/17...
Protecting Microsoft 365 from on-premises attacks
https://techcommunity.microsoft.com/t...
Security Rapid Modernization Plan
https://docs.microsoft.com/en-us/secu...
Turn off ADFS authentication and move to Azure AD
• Microsoft Entra ID: Cut off ADFS Auth...
CISA - Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/...
Connect with me!
Twitter - / teachjing
LinkedIn - / teachjing