Author Archives: m365guy

Mitigating CVE-2022-41040 with Exchange On-premises Mitigation Tool v2

CVE-2022-41040 is a SSRF vulnerability that recently came out, which impacts On-Premises Exchange servers. CVE-2022-41040 can enable an authenticated attacker to remotely trigger this exploit. However, authenticated access to the vulnerable Exchange Server is necessary to successfully exploit this. By the time of writing this blog post, Microsoft shared a temporary mitigation guidance that can be applied to harden Exchange

Read more

Revisiting Constrained Delegation

Constrained Delegation was introduced in Windows Server 2003 as an improved and more secure version of Unconstrained Delegation. Constrained Delegation allows admins to limit the services to which an impersonated account can connect to. It is using two Kerberos extensions to allow impersonation to only specific services. S4U2Self: An service can request a forwardable Service Ticket on behalf of any

Read more

Everything about Service Principals, Applications, and API Permissions

Service Principals are identities used by created applications, services, and automation tools to access specific resources. It only needs to do specific things, which can be controlled by assigning the required API permissions. The majority of organizations that work a lot with Azure AD, have service principals as well. Every time when an application has been registered. It will automatically

Read more

What I have learned from doing a year of Cloud Forensics in Azure AD

Today I would like to share my experience with doing Cloud forensics in Azure AD. I’ve been working for over a year with Azure Active Directory, and have primary focused on the different security aspects of it. One of my main focus has been doing Cloud forensics, which I will tell more about. I was always interested in understanding, where

Read more
« Older Entries Recent Entries »