Episode 98: Current State of M365 Attacks: Initial Access - podcast episode cover

Episode 98: Current State of M365 Attacks: Initial Access

The Cyber Threat Perspective
Jun 26, 202427 minSeason 1Ep. 98
--:--
--:--
Listen in podcast apps:
Metacast
Spotify
Youtube
RSS

Episode description

In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session HijackingAdversary-in-the-Middle (AiTM) AttacksOAuth Phishing, Legacy Authentication ProtocolsApp Passwords, Conditional Access Policies

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Spencer's Twitter: https://x.com/techspence
Spencer's LinkedIn: https://linkedin.com/in/SpencerAlessi

Work with Us: https://securit360.com

Episode 98: Current State of M365 Attacks: Initial Access | The Cyber Threat Perspective podcast - Listen or read transcript on Metacast