Black Hills InfoSec - Exploiting MFA Inconsistencies on Microsoft Services

Beau Bullock // Overview On offensive engagements, such as penetration tests and red team assessments, I have been seeing inconsistencies in how MFA is applied to the various Microsoft services. Across Microsoft 365 and Azure, there are multiple endpoints. These endpoints can all be configured under different Conditional Access policy settings, which sometimes lead to […]

The post Exploiting MFA Inconsistencies on Microsoft Services appeared first on Black Hills Information Security.



from Black Hills Information Security https://www.blackhillsinfosec.com/exploiting-mfa-inconsistencies-on-microsoft-services/

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"