Christian Biehler

@cssec

InfoSec Professional - Microsoft 365 & MS Windows Security guy - Speaker, Pentester, Training, Dad.

34 Followers, 230 Following, 15 Posts, Joined 08.12.2023

Latest posts by Christian Biehler @cssec

Preview
LOLBIN / LOLBAS – WinGet execute PowerShell script LOLBIN WinGet.exe can be exploited to download and execute remote and fileless PowerShell scripts.

www.zerosalarium.com/2024/12/LOLB...
Using WinGet as LOLBIN ...

26.01.2025 04:50 👍 0 🔁 0 💬 0 📌 0
Preview
VS Code Extension Impersonating Zoom Targets Google Chrome Cookies Uncover a deceptive VS Code extension, masquerading as Zoom, that pilfers your Google Chrome cookies. Join us as we expose the techniques behind this alarming supply chain campaign.

Malware as a VSCode extension - 🤔
hunt.io/blog/malicio...

23.01.2025 06:04 👍 0 🔁 0 💬 0 📌 0
Preview
Microsoft 365 - Device Compliance Bypass - Attacks on Microsoft 365 via device compliance bypass are now the standard. Thanks to the Intune portal, attackers can bypass CA!

Heard about TokenSmith to Bypass Azure CA compliance Checks?
Using join/registered-Device as Indicator seems not to be affected - [German] www.bi-sec.de/2024/12/28/m... - Update from January 11.

11.01.2025 15:34 👍 0 🔁 0 💬 0 📌 0
Preview
GitHub - f-bader/TokenTacticsV2: A fork of the great TokenTactics with support for CAE and token endpoint v2 A fork of the great TokenTactics with support for CAE and token endpoint v2 - f-bader/TokenTacticsV2

#TokenTactics V2 now has support for auth code flow, if you know what I mean. Other features in v0.2.5 are Invoke-RefreshToDeviceRegistrationToken and backwards compatibility for the v1 endpoint for those special cases. #Entra

04.01.2025 17:48 👍 8 🔁 2 💬 1 📌 0

The link to the slides is missing an S in the HTTP part

i.blackhat.com/EU-24/Presen...

04.01.2025 19:21 👍 2 🔁 1 💬 0 📌 0
Post image

I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn't paying attention. It sends data about my private photos to Apple.

29.12.2024 02:46 👍 345 🔁 163 💬 39 📌 26
Preview
Microsoft 365 - Device Compliance Bypass - < bi-sec > Attacks on Microsoft 365 via device compliance bypass are now the standard. Thanks to the Intune portal, attackers can bypass CA!

Bypassing Device-Compliance in Microsoft 365 with the new Tool TokenSmith abusing Intune Portal App - [German] www.bi-sec.de/2024/12/28/m...

28.12.2024 15:06 👍 0 🔁 0 💬 0 📌 0
Preview
GitHub - aollivierre/ConditionalAccess: This repository contains a comprehensive set of Conditional Access (CA) policies and PowerShell management tools for Microsoft Entra ID (formerly Azure AD), des... This repository contains a comprehensive set of Conditional Access (CA) policies and PowerShell management tools for Microsoft Entra ID (formerly Azure AD), designed to enhance your organization...

Looks promising for Conditional Access ideas .. github.com/aollivierre/...

28.12.2024 05:54 👍 0 🔁 0 💬 0 📌 0
Preview
A look into authentication: Passwordless and Passkeys A journey into the world of authentication, from passwords, hashes, credentials, protocols, MFA, through to passwordless

Anyone can explain how the passkey can be shared across devices if they're stored in TPM where they can't be extracted?

geekwolf.cloud/2024/12/17/A...

28.12.2024 05:50 👍 0 🔁 0 💬 0 📌 0
Preview
Cybersecurity firm's Chrome extension hijacked to steal user data At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.

At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.

27.12.2024 10:39 👍 10 🔁 5 💬 0 📌 1
Preview
Microsoft 365 Security: Understanding Built-in Detection Mechanisms and Investigating Log Events As the landscape of cybersecurity threats evolves, protecting sensitive information stored within enterprise platforms like Microsoft 365…

Nice starting Point:
medium.com/@cyberengage...

25.12.2024 06:00 👍 0 🔁 0 💬 0 📌 0
Preview
Microsoft now allows connecting to Multi-tenant apps using Managed Identities Learn how to connect to other tenants using Managed Identity federation on your app registration in Microsoft Entra.

Another huge security improvement ⚡ Microsoft now allows you to federate your app registrations with a Managed Identity, perfect for securely accessing resources in other tenants with multi-tenant apps! > ourcloudnetwork.com/microsoft-no...

23.12.2024 08:15 👍 2 🔁 1 💬 0 📌 0

Got the same things happening December 12 in one customer tenant - great list by @merill.net - what would we do without that stuff ❤️

14.12.2024 09:26 👍 1 🔁 0 💬 0 📌 0
Preview
GitHub - ricardojoserf/NativeBypassCredGuard: Bypass Credential Guard by patching WDigest.dll using only NTAPI functions Bypass Credential Guard by patching WDigest.dll using only NTAPI functions - ricardojoserf/NativeBypassCredGuard

github.com/ricardojoser...
Interesting Solution to get credentials on Windows.

10.12.2024 03:52 👍 0 🔁 0 💬 0 📌 0
Preview
Support tip: Windows device configuration policies migrating to unified settings platform in Intune | Microsoft Community Hub New unified settings for device configuration policies in Microsoft Intune!

โ€ผ๏ธImportant noticeโ€ผ๏ธ

Administrative templates will no longer be available in Intune. Settings in this template can be configured via settings catalog only. Expected with Intune's December (2412) release.

techcommunity.microsoft.com/blog/intunec...

#Intune #Microsoft

29.11.2024 07:10 ๐Ÿ‘ 7 ๐Ÿ” 3 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
GitHub - roadwy/DefenderYara: Extracted Yara rules from Windows Defender mpavbase and mpasbase Extracted Yara rules from Windows Defender mpavbase and mpasbase - roadwy/DefenderYara

Yara rules from MS Defender .. interesting project - github.com/roadwy/Defen...

26.11.2024 05:23 👍 0 🔁 0 💬 0 📌 0
Preview
Conditional Access protections for Generative AI - Microsoft Entra ID Protecting Gen AI services like Microsoft Copilot for Security and Microsoft 365 Copilot with Conditional Access

Working with AI and Microsoft?

You can build CA policies to protect usage of AI by enforcing Phishing-resistant MFA or other things.

learn.microsoft.com/en-us/entra/...

21.11.2024 05:01 👍 0 🔁 0 💬 0 📌 0
Preview
Digital Defense - The ultimate personal security checklist to secure your digital life The ultimate personal security checklist to secure your digital life

First seen … for all "hey … you're in security .. how do I protect my…" questions.

digital-defense.io

21.11.2024 04:53 👍 0 🔁 0 💬 0 📌 0
Preview
Unlock Proactive Defense: Microsoft Security Exposure Management Now Generally Available | Microsoft Community Hub As the digital landscape grows increasingly interconnected, defenders face a critical challenge: the data and insights from various security tools are often...

Busy with too many vulnerabilities?
Microsoft's answer to XMCyber is there: techcommunity.microsoft.com/blog/microso...
Surprisingly included in most licences without additional cost - worth a look.

21.11.2024 04:35 👍 0 🔁 0 💬 0 📌 0
Post image

How shall we do detection engineering with that? TimeGenerated and CreateDateTime more than 1 Hour apart
It was our test tenant during one of our public trainings... but I could not explain
#microsoft #m365 #security

20.11.2024 05:37 👍 0 🔁 0 💬 0 📌 0
Preview
Windows security book introduction Windows security book introduction

Just came across the updated #Windows 11 Security Book - learn.microsoft.com/en-us/window...
Still good graphical overview of security features.

20.11.2024 04:56 👍 0 🔁 0 💬 0 📌 0