Microsoft 365 is one of the most ubiquitous productivity platforms in the world. Unfortunately, M365’s popularity has been noted by threat actors, and it has therefore become an ideal target for intrusions, whether used for initial access or for actions on objectives. A week does not go by where we don’t see another intrusion affecting [...]
About Soteria
This author has not yet filled in any details.
So far Soteria has created 6 blog entries.
In the Trenches
By: Matthew Otte
Our previous post detailed common pitfalls and ways to avoid them as you develop your organization’s incident response capabilities. This post is intended to address the next steps by covering concepts that may aid you during an incident response (these tips are also great to keep in mind [...]
Part 1 - Before the Storm
By: Matthew Otte
Throughout their many years of practice, Soterians have advised for, participated in, and commanded a large assortment of cyber security incident responses (IRs) in the form of both exercises and real-world events. Though no two response efforts are exactly alike, Soteria has discovered a [...]
By: David S.
MANAGE. DETECT. RESPOND.
In any organization that uses computers to manage or operate their business, there is inherent risk of a cyber incident. The level of risk can vary based on the structure of systems, controls in place, the storage or transfer of sensitive information (e.g. financial, personal, health, or intellectual property), [...]
By: Carl L.
Active Directory is the backbone of most organizations, and compromising this tool is the Holy Grail for most attackers. Any organization that has been around for a while has likely been through many iterations of Active Directory. Over the years they may have seen hundreds or thousands of different recommendations, upgrades, [...]
By: Carl L.
Following the release of two recent blogs regarding Microsoft’s Azure Active Directory default configurations, we began digging a little further into the access an unprivileged user has inside any tenant still running the default settings. What we’ve found is that the Default Enabled settings allow any unprivileged, authenticated [...]