By Carl L Active Directory is the backbone of most organizations, and compromising this tool is the Holy Grail for most attackers. Any organization that has been around for a while has likely been through many iterations of Active Directory. Over the years they may have seen hundreds or thousands of different recommendations, upgrades, [...]
By: Carl L Following the release of two recent blogs regarding Microsoft’s Azure Active Directory default configurations, we began digging a little further into the access an unprivileged user has inside any tenant running any of the default settings in their tenant. What we’ve found is that the Default Enabled settings allow any unprivileged, authenticated user [...]
Open-Source, Automated Microsoft 365 Security Assessment: Announcing Soteria 365 Inspect Try it for yourself here: https://github.com/soteria-security/365Inspect Although infrastructure deployment technologies like Amazon Web Services and Microsoft Azure steal the headlines, the shift of business productivity tools to the cloud was just as rapid. For many, that need is served by Office 365, [...]
The Challenge of Multi-Account Management in Amazon Web Services (AWS) By Anthony Baio AWS provides organizations with a powerful capability to build and scale with minimal overhead. An often-overlooked consideration when standing up these environments is developing a scalable way to securely manage identities and user access. Addressing this challenge early on will [...]
