Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/111825315171797868">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Jan-2024 10:28:31 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250105013211.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/111825282692282442" rel="in-reply-to">in reply to</a></div></section><article><p>I’ve said this one before prior too, but to reiterate - GraphAPI is a disaster in terms of cybersecurity.  </p><p>Eg you can easily dump out the metadata of all Azure AD users with Graph, and none of the Defender products trigger an alert. Do it on prem AD? MDI alert. Try Graph Explorer for point and click queries: <a href="https://learn.microsoft.com/en-us/graph/graph-explorer/graph-explorer-overview" rel="nofollow noreferrer">https://learn.microsoft.com/en-us/graph/graph-explorer/graph-explorer-overview</a></p><p>It’s not just that use case. Smart attackers are not thinking in graphs, they’re living off Microsoft Graph. You can avoid alerting. It’s not just Russia.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2609876#notice-5231030">In conversation</a><time datetime="2024-01-27T10:28:31+09:00" title="Saturday, 27-Jan-2024 10:28:31 JST">about a year ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/111825315171797868" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/111825315171797868">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2170898">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Jan-2024 10:28:31 JST Kevin Beaumont
in reply to
I’ve said this one before prior too, but to reiterate - GraphAPI is a disaster in terms of cybersecurity.
Eg you can easily dump out the metadata of all Azure AD users with Graph, and none of the Defender products trigger an alert. Do it on prem AD? MDI alert. Try Graph Explorer for point and click queries: https://learn.microsoft.com/en-us/graph/graph-explorer/graph-explorer-overview
It’s not just that use case. Smart attackers are not thinking in graphs, they’re living off Microsoft Graph. You can avoid alerting. It’s not just Russia.
In conversationabout a year ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice