This post looks at the recent trend of pulling Azure tokens from Office process memory and tries to identify just how these tokens were loaded, how Office handles a Microsoft Account (MSA), and how we can recover cached credentials from the Token Broker Cache.

Contribute to jfrog/text4shell-tools development by creating an account on GitHub.

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.

Splunk lookup tables can enrich AWS event data with IP-address/name mappings not available in CloudTrail. Here's how to build those tables with Steampipe.

Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens.

We are a fast-growing Kubernetes professional services company that prides itself on helping startups and enterprises alike in their path to modern cloud-native infrastructure

Searching for new gadget chains to exploit deserialization vulnerabilities can be tedious.

With the prior knowledge in mind, I come up with a simple idea. It’s common to see multiple Exchange Servers in corporate networks for high availability and site resilience. Can we relay the NTLM authentication among Exchange Servers?

Microsoft’s Office Online Server is the next generation of Office Web Apps Server; it provides a browser based viewer/editor for Word, PowerPoint, Excel and OneNote documents. The product can be...

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Azure function to insert MISP data in to Azure Sentinel - GitHub - zolderio/misp-to-sentinel: Azure function to insert MISP data in to Azure Sentinel

A new critical vulnerability CVE-2022-42889 a.k.a Text4shell was reported on the popular Apache Commons Text library.

BlueBleed covers multiple misconfigured servers with sensitive data detected by SOCRadar's in-house cloud security module.

I recently documented a dangerous reverse-proxy behaviour called first-request routing, which enables host-header attacks on back-end systems. In this post, I'll show how first-request routing also en