Microsoft 365 Security

Mitigating CVE-2022-41040 with Exchange On-premises Mitigation Tool v2

Posted on October 5, 2022 by m365guy Leave a comment

CVE-2022-41040 is a SSRF vulnerability that recently came out, which impacts On-Premises Exchange servers. CVE-2022-41040 can enable an authenticated attacker to remotely trigger this exploit. However, authenticated access to the vulnerable Exchange Server is necessary to successfully exploit this. By the time of writing this blog post, Microsoft shared a temporary mitigation guidance that can be applied to harden Exchange

Windows OS

How to upgrade the CU level of an On-Premises Exchange server?

Posted on October 5, 2022 by m365guy One comment

This will be a straight forwarded blog post where I’m going to explain on how we can upgrade On-Premises Exchange servers CU level. Upgrading the CU level in general has been a challenging task since it’s not the same as traditional Windows updates. If you are looking for guidance on how to upgrade Exchange servers that don’t have the latest

Active Directory

Practical Guidance for IT Admins to respond after Ransomware attacks

Posted on September 19, 2022 by m365guy 5 comments

Keep in mind that hiring an IR firm is recommended before executing all of these steps. Perform the steps that are applicable to you and your organization. It’s been a while that I’ve blogged, but today. I’d would like to cover how we can respond to a ransomware attack, while focusing on the remediation part. This blog post will be

Active Directory

Lateral Movement with Managed Identities of Azure Virtual Machines

Posted on November 30, 2021 by m365guy 2 comments

This blog post will cover details around Managed Identities in Azure VMs. During this blog post, we are trying to get a few questions answered, which goes from what Managed Identities are, why people are using them, and if we could abuse them to move laterally, etc. This blog post will be focusing on Managed Identities of Azure Virtual Machines,

Uncategorized

Azure IaaS: Managing Azure Virtual Machines

Posted on November 27, 2021 by m365guy Leave a comment

I’ve decided to write this blog post to have a better understanding of Azure Virtual Machines. This blog post was more meant for myself. It covers basic stuff around Azure VM administration and some security stuff. There will be more similar blog post around Microsoft Azure topics. Azure Virtual Machine An Azure virtual machine is a computer resource that is

Azure Active Directory

Kerberoast with OpSec

Posted on November 8, 2021 by m365guy One comment

You must have been thinking… Is this another blog post about Kerberoasting? Well yes and no. During this time, we will be discussing how to Kerberoast accounts, while trying to stay under the radar from a defender’s perspective. The focus is primary on the technique itself, and not the fact that I’m using PowerShell 😉 Kerberoasting is an technique that

Revisiting Constrained Delegation

Posted on November 2, 2021 by m365guy Leave a comment

Constrained Delegation was introduced in Windows Server 2003 as an improved and more secure version of Unconstrained Delegation. Constrained Delegation allows admins to limit the services to which an impersonated account can connect to. It is using two Kerberos extensions to allow impersonation to only specific services. S4U2Self: An service can request a forwardable Service Ticket on behalf of any

Revisiting Unconstrained Delegation

Posted on October 27, 2021 by m365guy Leave a comment

Unconstrained Delegation is an insecure feature within Active Directory that allows users or computers to impersonate other accounts on the network. Every time that a user is requesting a Service Ticket from a Domain Controller to access a service. The Domain Controller will make a copy of a user’s TGT, and attach it to the Service Ticket, which will be

Everything about Service Principals, Applications, and API Permissions

Posted on July 24, 2021 by m365guy Leave a comment

Service Principals are identities used by created applications, services, and automation tools to access specific resources. It only needs to do specific things, which can be controlled by assigning the required API permissions. The majority of organizations that work a lot with Azure AD, have service principals as well. Every time when an application has been registered. It will automatically

Azure Active Directory

What I have learned from doing a year of Cloud Forensics in Azure AD

Posted on July 13, 2021 by m365guy One comment

Today I would like to share my experience with doing Cloud forensics in Azure AD. I’ve been working for over a year with Azure Active Directory, and have primary focused on the different security aspects of it. One of my main focus has been doing Cloud forensics, which I will tell more about. I was always interested in understanding, where

« Older Entries Recent Entries »