Edge Password Vault, SSO, Domain Admin Creds
Summary In this episode, the hosts discuss the Edge password vault and its pros and cons. They highlight the ability to sync passwords to an enterprise ID and the encryption of passwords on the disk. However, they also mention limitations such as the lack of MFA support and the inability to share passwords. The conversation then shifts to best practices for IT admins, including the separation of roles and credentials and the use of password managers. The hosts also emphasize the importance of implementing single sign-on and federating SaaS apps to improve security. Takeaways -The Edge password vault offers convenient password syncing to an enterprise ID and encryption of passwords on the disk. -However, it lacks features such as MFA support and password sharing, making it less suitable for enterprise use. -IT admins should separate roles and credentials, implement single sign-on, and federate SaaS apps to improve security. -Password expiration policies should be reevaluated, as it is no longer necessary to change passwords every 90 days. ------------------------------------------- Youtube Video Link: https://youtu.be/YLIUq5soGhs ------------------------------------------- Documentation: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-password-manager-security https://learn.microsoft.com/en-us/entra/identity/users/users-sharing-accounts https://twitter.com/thetomzone/status/1760833981904228508?t=wVpJpdH7u2mDZZDEtx3bMg https://twitter.com/techspence/status/1761034174331535802?t=wVpJpdH7u2mDZZDEtx3bMg ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
27 Helmi 202434min
Bitlocker Bypass and USAF Re-org
In this episode, Andy and Adam discuss a video demonstrating how to bypass BitLocker encryption and the mitigations that can be implemented to protect against such attacks. They emphasize the importance of information protection and how it can enhance data security. Additionally, they highlight the reorganization of the US Air Force Cyber Command, which reflects the growing significance of cybersecurity in national defense. Takeaways - Implementing mitigations such as enabling a pre-boot pin and disabling power management features can help protect against BitLocker bypass attacks. -Information protection, including data classification, labeling, and encryption, can provide an additional layer of security for sensitive files. -The reorganization of the US Air Force Cyber Command demonstrates the increasing importance of cybersecurity in national defense. -Organizations should consider the placement and influence of their cybersecurity leaders to ensure that cybersecurity is prioritized and integrated into the overall organization. ------------------------------------------- Youtube Video Link: https://youtu.be/6JmcKgNwfsE ------------------------------------------- Documentation: https://www.youtube.com/watch?v=wTl4vEednkQ https://www.techspot.com/news/101792-microsoft-bitlocker-encryption-can-cracked-43-seconds-4.html https://www.microsoft.com/en-us/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/ https://www.makeuseof.com/amd-ftpm-intel-ppt/ https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/countermeasures#attacker-with-skill-and-lengthy-physical-access https://www.airforcetimes.com/news/your-air-force/2024/02/13/air-force-unveils-command-changes-wing-plans-in-bid-to-outpace-china/ ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20 Helmi 202431min
Microsoft Sentinel Deep-Dive with Henrik Wojcik
Summary In this episode, Henrik Wojcik, a Microsoft MVP, joins the hosts to discuss Microsoft Sentinel and provide a deep dive into its deployment and usage. They cover topics such as data residency and compliance considerations, separating operational logs and security logs, connectors for data ingestion, analytics rules and alert fatigue, scheduled queries and user and entity behavior analytics (UEBA), playbooks and automation, workbooks and data visualization, and advanced hunting with KQL queries. Takeaways Consider data residency and compliance requirements when deploying Microsoft Sentinel. Separate operational logs and security logs to optimize cost and focus on relevant data. Use connectors to ingest data from various sources into Microsoft Sentinel. Tune analytics rules to avoid alert fatigue and focus on valuable alerts. Utilize scheduled queries and UEBA to identify suspicious behavior and automate investigations. Leverage playbooks and automation to streamline incident response and reduce manual effort. Create workbooks for data visualization and customize them to display relevant information. Explore advanced hunting with KQL queries to proactively search for threats and investigate incidents. ------------------------------------------- Youtube Video Link: https://youtu.be/n9dDfmX-A9Q ------------------------------------------- Documentation: https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers#free-data-sources Henrik Wojcik: https://www.linkedin.com/in/henrikfrandswojcik/ https://twitter.com/henrikwojcik ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
13 Helmi 202448min
Cloudflare Hacked, Intune Suite, Apple Stolen Device Protection
Summary In this episode, the hosts discuss the Cloudflare and Okta breach, the response and remediation efforts, the introduction of the Intune Suite, and the new stolen device protection feature on the iPhone. Takeaways Nation-state attackers have unlimited time to find weaknesses and exploit them, highlighting the asymmetrical nature of cybersecurity. Cloudflare's response and remediation efforts, including re-imaging and rebooting all systems on their global network, were impressive. The Intune Suite offers enterprise application management, advanced analytics, and cloud PKI, providing valuable tools for device management. The stolen device protection feature on the iPhone adds an extra layer of security by requiring biometric authentication for critical changes when the device is away from a familiar location. ------------------------------------------- Youtube Video Link: https://youtu.be/n9dDfmX-A9Q ------------------------------------------- Documentation: https://blog.cloudflare.com/thanksgiving-2023-security-incident https://www.microsoft.com/en-us/security/blog/2024/02/01/3-new-ways-the-microsoft-intune-suite-offers-security-simplification-and-savings/ https://support.apple.com/en-us/HT212510 ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
6 Helmi 202432min
Midnight Blizzard Attack on Microsoft
Summary In this episode, the hosts discuss the midnight blizzard attack on Microsoft and the lessons that can be learned from it. They cover topics such as learning from security incidents at other organizations, the details of the attack, OAuth attacks, and OAuth security recommendations. The hosts emphasize the importance of auditing privileges, reviewing OAuth applications, and implementing strong security measures to prevent similar attacks. They also highlight the need for organizations to move faster and be more proactive in their cybersecurity efforts. Takeaways Learn from security incidents at other organizations to make your own organization safer. Audit the privileges of all identities in your organization and review OAuth applications. Implement strong security measures, such as disabling user consent to apps and using conditional access. Move faster and be more proactive in your cybersecurity efforts. ------------------------------------------- Youtube Video Link: ------------------------------------------- Documentation: https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/ ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30 Tammi 202429min
X accounts hacked, 23andMe revisited, CA for Entitlement Management
Summary This episode of the Blue Security Podcast discusses the recent Twitter account hacks and the importance of multifactor authentication (MFA) in protecting social media accounts. The hosts also explore the lessons learned from 23andMe's credential stuffing attack and emphasize the need for MFA in handling sensitive customer information. They introduce a new feature called entitlement management in conditional access, which allows for more granular control over guest access. The episode concludes with a discussion on streamlining guest access through entitlement management. Takeaways Enable multifactor authentication (MFA) to protect social media accounts from brute force attacks and unauthorized access. Use tools that aggregate social media accounts into one platform and enable single sign-on (SSO) with MFA. Regularly review and update social media account access and permissions, removing phone numbers associated with accounts and storing passwords and MFA tokens in a secure password vault. Consider using entitlement management in conditional access to streamline and govern guest access to applications and resources. ------------------------------------------- Youtube Video Link: https://youtu.be/0pwV2Mn-l_4 ------------------------------------------- Documentation: https://thehackernews.com/2024/01/mandiants-x-account-was-hacked-using.html https://www.engadget.com/senators-want-to-know-why-the-secs-x-account-wasnt-secured-with-mfa-203614701.html https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/ https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users#review-your-conditional-access-policies ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23 Tammi 202430min
Entra Join is the way
In this episode, Andy and Adam discuss the transition from hybrid join to cloud native Entra Join for device management. They explain the difference between device identity and device management and how they can be managed separately. They address concerns about GPOs and highlight the importance of reevaluating device management strategies. They also discuss accessing on-premises resources, overcoming Wi-Fi authentication challenges, and the shift away from gold images. The episode concludes with a discussion on Autopilot and the gradual transition to Entra Join. Takeaways -Device identity and device management can be managed separately, allowing organizations to transition to cloud native -Entra Join without changing their device management tools. -GPOs can be migrated to Intune using the Group Policy Analyzer, and custom ADMX profiles can be created to replicate GPO settings. -Organizations should reevaluate their device management strategies and consider lighter touch management approaches that align with modern IT practices. -Accessing on-premises resources with cloud native devices is possible through network connectivity, DNS resolution, and authorized user credentials. -Wi-Fi authentication challenges can be overcome by using pre-shared keys or transitioning to modern authentication methods. -The transition to Entra Join can be done gradually, starting with information workers and frontline workers, and leaving specialized environments for later. ------------------------------------------- Youtube Video Link: https://youtu.be/2BNAYJcxCJI ------------------------------------------- Documentation: https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybrid https://learn.microsoft.com/en-us/entra/identity/devices/device-sso-to-on-premises-resources https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
16 Tammi 202442min
Entra improvements, QR Code phishing, AppGuard deprecated
In this episode, Andy and Adam discuss updates to the Microsoft Authenticator app, including its phish-resistant capabilities and FIPS compliance. They also highlight the rise of QR code phishing and provide tips on protecting users from this type of attack. Additionally, they discuss the deprecation of Application Guard and the Evaluation Lab in the Microsoft Security Stack. Takeaways -The Microsoft Authenticator app is becoming phish-resistant and will support device-bound passkeys, providing a more secure authentication method. -QR code phishing is on the rise, and users should exercise caution when scanning unfamiliar QR codes. -Educating users and conducting phishing training campaigns can help mitigate the risk of QR code phishing. -Application Guard and the Evaluation Lab in the Microsoft Security Stack are being deprecated, and organizations should explore alternative solutions for sandboxed browsing and evaluation environments. ------------------------------------------- Youtube Video Link: https://youtu.be/24KccYCGR-o ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/advancing-cybersecurity-the-latest-enhancement-in-phishing/ba-p/2365681 https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/protect-your-organizations-against-qr-code-phishing-with/ba-p/4007041 ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
9 Tammi 202433min
