Featured content
-1.png)
-
Apr 09, 2024
Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection
Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.
Eric Saraga
6 min read
-
Mar 11, 2022
Is this SID taken? Varonis Threat Labs Discovers Synthetic SID Injection Attack
Varonis Threat Labs researchers have discovered a technique where threat actors with existing high privileges can inject synthetic SIDs into an Active Directory Access Control List (ACL). This creates a scenario where backdoors and hidden permission grants can occur when a new account is created with a matching legitimate SID.
Eric Saraga
3 min read
-
Feb 02, 2022
Using Power Automate for Covert Data Exfiltration in Microsoft 365
What is Power Automate? Power Automate, formerly known as Microsoft Flow, allows users to automate workflows between various apps and services. Using Power Automate, you can create "flows" in Microsoft 365 for Outlook, SharePoint, and OneDrive to automatically share or send files, forward emails, and much more.
Eric Saraga
5 min read
-
Aug 20, 2020
Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant
Phishing remains one of the most successful ways to infiltrate an organization. We’ve seen a massive amount of malware infections stemming from users opening infected attachments or clicking links that send them to malicious sites that try to compromise vulnerable browsers or plugins.
Eric Saraga
5 min read
-
Apr 22, 2020
Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials
EDIT: Security researcher Adam Chester had previously written about Azure AD Connect for Red Teamers, talking about hooking the authentication function. Check out his awesome write-up here.
Eric Saraga
6 min read