Uhkametsä

5: Agent Badger

October 09, 2022 Jouni Mikkola & Juuso Myllylä
Show Notes

On today's agenda: a helicopter and a badger, that is, Exchange RCE, Brute Ratel, and a few words on bypassing MFA.

MFA Fatigue & Chromium Application Mode:

  • https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/defend-your-users-from-mfa-fatigue-attacks/ba-p/2365677
  • https://mrd0x.com/phishing-with-chromium-application-mode/

Exchange RCE:

  • https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
  • https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9
  • https://twitter.com/gossithedog/status/1578415137031352320?s=46&t=KeVQW4u6YTNTnCmlBUSlKw

Brute Ratel:

  • https://www.splunk.com/en_us/blog/security/deliver-a-strike-by-reversing-a-badger-brute-ratel-detection-and-analysis.html
  • https://research.splunk.com/stories/brute_ratel_c4/

Intro & Outro music by Ephmerix @ https://ephmerix.com/
Graphics by Panu Palm @ https://panupalm.fi/