Blocking Harmful User Agents: Defender for Cloud Apps and Conditional Access

Summary

An often overlooked control that your organization may already pay for, but underutilize, is Defender for Cloud Apps (MDCA) combined with Conditional Access policies. These are surprisingly effective, straightforward to set up, and granular once you get a handle on the process. In my cloud apps hardening journey, I found that this specific use case (and many more!) is not well documented or laid out as clearly as it could be in Microsoft's documentation. Instead of paying a third party for a bespoke product, you can use the capabilities of MDCA and Conditional Access to act as a reverse proxy for your Entra ID user authentication traffic.

Attacking CUPS: A ‘Half-Empty’ RCE Vulnerability?

Summary

Security researcher Simone Margaritelli, otherwise known as @evilsocket, has disclosed a vulnerability in OpenPrinting CUPS, an open source printing system for GNU/Linux. This vulnerability, which has been assigned 4 CVEs at the time of writing, allows an attacker to perform unauthenticated remote code execution against systems running CUPS. Earlier, Simone suggested that engineers from Red Hat and Canonical had evaluated it at a CVSS:3.1 score of 9.9, but this is still to be determined; the general consensus in online discussions is that the vulnerability is overblown, although new information is still coming to light. The full scope of impact has been rumored to cover all GNU/Linux systems, and macOS as well according to Simone himself, and there is no official patch at this time.

Leveraging AI for Effective Threat Hunting and Detections

Many of us have been there: the daily threat feeds, threat exchange platforms, combing through lists of IOCs in a variety of awkward formats, and sometimes even keying them in manually from screenshots. All of this just to gather the data needed to write threat hunting queries and detection rules. With AI, we can make our lives a little easier when it comes to basic hunting and detection, and even learn a few things in the process.

Auditing Insecure MFA Methods Used in Microsoft Entra With Log Analytics

As we all know, getting our organization onto multi-factor authentication (MFA) is only the first step. The real challenge lies in moving to more secure second factors that can withstand increasingly sophisticated emerging threats. Unfortunately, industry support for the more advanced MFA methods is still not where it needs to be. But as security-minded individuals, we want to stay ahead of the curve and protect our users and environments from potential attacks.
