Spraying the Microsoft Cloud

URL: https://link.mail.beehiiv.com/ss/c/fUEHoxPHBUPWHP5Q302WVIH58bYs5gdOoFbzJ1fJmqXrob4Fkabdh3lpmMUpxcdPWEGAziHSpKirJ6rM9A2ZScffRv6lp9XP1TfUzPmuRtG1QM1CaBxjl76Mlqh2k1hsQtDHRRtcjdigeKzBqz6yOB8Zk_wHm_UA08j-BpJvE6dEOVMH3kGuq-GOpXOYx-5Za6nwrSbDYbLWGy8GVCYdin8z-suwtIGCQBccrtMx2xLnupEm6R_HwMhmo-ekmUcNmMzo3YNLYaq2HnHnz55Bny0CMG16a37reSxXAxFT-1g/3z7/7WD-4MjlT067PnSQjMCamg/h33/tKgTb1tabNg48UNtXvZEj9rNI1-6S6rAPUzwCuhjWjM

Document Notes

Why I’m not confident in the IAM M365 security.

Adversaries continue to probe and make entry via the cloud perimeter of organisations. Multi-Factor Authentication (MFA) and additional security controls such as Conditional Access Control make this a bit more challenging. In December 2021 Mandiant covered an incident where the MFA push notification feature was abused to gain access to user accounts. In this write-up we will be going through various ways of detecting precursors of MFA configuration probing and password spraying attacks in Microsoft 365 (M365). This write-up is based on four well-documented open-source offensive security testing tools.