Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/111825345929536180">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Jan-2024 10:36:21 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20251103133701.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/111825315171797868" rel="in-reply-to">in reply to</a></div></section><article><p>Why attackers are living off Microsoft Graph - until a few months there wasn’t any logging of GraphAPI access queries (!), it’s still only in Preview, it isn’t available in US Government tiers (hack the planet) and it costs money. <a href="https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview" rel="nofollow noreferrer">https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview</a></p><p>You can literally run around doing a whole bunch of things at an org without touching a VPN, without triggering an MS product alert and without a log.</p><p>MS support often say things like ‘you can see the activity in Azure AD audit logs’.. nope.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2609876#notice-5231077">In conversation</a><time datetime="2024-01-27T10:36:21+09:00" title="Saturday, 27-Jan-2024 10:36:21 JST">Saturday, 27-Jan-2024 10:36:21 JST</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/111825345929536180" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/111825345929536180">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2170929">Untitled attachment</a></label><br></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="http://log.MS/">log.ms - このウェブサイトは販売用です！ - log リソースおよび情報</a></h5><div></div></header><div>このウェブサイトは販売用です！ log.ms は、あなたがお探しの情報の全ての最新かつ最適なソースです。一般トピックからここから検索できる内容は、log.msが全てとなります。あなたがお探しの内容が見つかることを願っています！</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Jan-2024 10:36:21 JST Kevin Beaumont
in reply to
Why attackers are living off Microsoft Graph - until a few months there wasn’t any logging of GraphAPI access queries (!), it’s still only in Preview, it isn’t available in US Government tiers (hack the planet) and it costs money. https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview
You can literally run around doing a whole bunch of things at an org without touching a VPN, without triggering an MS product alert and without a log.
MS support often say things like ‘you can see the activity in Azure AD audit logs’.. nope.
In conversationSaturday, 27-Jan-2024 10:36:21 JST from cyberplace.socialpermalink
Attachments
1. Untitled attachment
2. No result found on File_thumbnail lookup.
  log.ms - このウェブサイトは販売用です！ - log リソースおよび情報
  このウェブサイトは販売用です！ log.ms は、あなたがお探しの情報の全ての最新かつ最適なソースです。一般トピックからここから検索できる内容は、log.msが全てとなります。あなたがお探しの内容が見つかることを願っています！

Public

Embed Notice

HTML Code

Corresponding Notice