TrustedSec Security Blog

2023 Resolutions for Script Kiddies

January 17, 2023

Introduction 2022 was a tough year. It seemed like no one was safe. Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Okta, Uber—and those were just some of Lapsus$’s breaches. What’s a Script Kiddie to do to be better protected in 2023? Another year in the books, and it was another big year for cybersecurity. While 2022 did…

Read

Auditing Exchange Online From an Incident Responder’s View

November 8, 2022

Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this…

Read

Real or Fake? How to Spoof Email

January 11, 2022

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

Read

Attacks on the Rise Through Office 365

September 17, 2019

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

Read
the cloud blog graphic

Owning O365 Through Better Brute-Forcing

May 14, 2019

TL;DR: User Enumeration is key. Done enumerating? Do more. The classic passwords still work. Once you get some credentials, get more. Office 365 (O365) has become a trend in organizations. More and more, administrators are offloading their mail to The Cloud™. No longer are admins shackled to their Exchange servers, executing patch after patch in…

Read
holiday phishing graphic

Holiday Phishing: Office 365

November 15, 2018

  It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send Phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a Holiday greeting from employees, employers, or costumers, there are plenty…

Read
TrustedSec smiley icon

Office 365 – Advanced Threat Protection (ATP): Features and Shortfalls

February 13, 2017

Office 365 has an assortment of capabilities allowing both small to extremely large businesses to move their infrastructure and services to the cloud. In 2015, Microsoft introduced their “Advanced Threat Protection” functionality and has since been bolstered in 2016 and 2017 as a direct way to protect against advanced attacks. If you look at Microsoft’s…

Read
  • Browse by Category

  • Clear Form