The Cyber Threat Perspective

Episode 98: Current State of M365 Attacks: Initial Access

SecurIT360 Season 1 Episode 98

In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session HijackingAdversary-in-the-Middle (AiTM) AttacksOAuth Phishing, Legacy Authentication ProtocolsApp Passwords, Conditional Access Policies

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com