@GossiTheDog yes, but do those max settings Look pretty? ;)
Notices by Tanawts (enigma@infosec.exchange)
Tanawts (enigma@infosec.exchange)'s status on Sunday, 15-Sep-2024 23:34:36 JST Tanawts -
Tanawts (enigma@infosec.exchange)'s status on Saturday, 07-Sep-2024 17:22:00 JST Tanawts Endeavor to be the prism in the windchime
Wield what is taken for granted and considered mundane in life
Create music from the air, and fracture the light into rainbows of brilliance that dance to the tune
Help others hear the melody, to see the beauty, and remember that the greatest thing you'll ever learn is just to love and be loved in return
Tanawts (enigma@infosec.exchange)'s status on Saturday, 03-Feb-2024 03:19:06 JST Tanawts There is a reoccurring Tactic, Technique, and Procedure (TTP) that threat actors have been demonstrating as highly effective.
It was most notably used by Lapsus$ and you can see the behavior Copy+Pasted in the majority of recent attacks: Opportunistic Compromise of an account -> Pore over generally unrestricted internal docs/wikis/repos -> obtain design details -> use discovered unremediated creds for informed lateral movement/follow up attacks with more specific deeper objectives/targets.
Tanawts (enigma@infosec.exchange)'s status on Saturday, 03-Feb-2024 03:19:04 JST Tanawts Big Takeaway for Engineering Teams & Business Leadership is -- You can no longer rely on the false sense of security-through-obscurity of your internal designs; attackers are deliberately targeting these for surgical strikes and it is no longer sensible to believe "the bad guys don't know how to attack our complex private internal systems/services because they don't understand how it's put together"; in reality they may very well understand it better than your own employees.
Tanawts (enigma@infosec.exchange)'s status on Wednesday, 31-Jan-2024 00:31:43 JST Tanawts @GossiTheDog Remember when folks were bummed when Naughty Dog said: We made this really cool Online Multiplayer Last of Us game... but we've made a company decision NOT to be a Live Games company and instead focus on our Core Experience? Hats off to them for recognizing the challenge and sticking to convictions.
Oooof Rocksteady has been demonstrating the big pitfalls of trying to go from a rich stand-alone game dev model to having to staff and Support Live Online Services
:|
Tanawts (enigma@infosec.exchange)'s status on Tuesday, 30-Jan-2024 08:56:01 JST Tanawts @GossiTheDog Of course my friend!
https://telegra.ph/How-to-Receive-Microsoft-Breach-Notifications-10-21
Tanawts (enigma@infosec.exchange)'s status on Thursday, 25-Jan-2024 09:04:44 JST Tanawts @GossiTheDog just wait for all the fun once the psyops and cyberops start flying in full swing leading up to the election
Tanawts (enigma@infosec.exchange)'s status on Monday, 22-Jan-2024 04:15:48 JST Tanawts @GossiTheDog @alex -- I don't think this was from: Spraying M365 Mailbox accounts... Reading between those lines, "Non-Prod-Test-Tenant Account" That sounds a whole lot more like a "Service Account/Machine Account" used for a Proof of concept tool/service; automation accounts aren't going to have MFA.
There are a great many different services/tools that are granted delegated access to various different things, email being accessed sounds to me that perhaps it was an automation service meant to trigger actions based on access to mail content/interaction.
Tanawts (enigma@infosec.exchange)'s status on Friday, 08-Sep-2023 11:55:43 JST Tanawts InfoSec family, I see you and I love you