Daily Blog #709: Sunday Funday 1/5/25 Entra ID and Bloodhound
2025-1-5 18:28:0 Author: www.hecfblog.com

By January 05, 2025

Hello Reader,

Welcome back to Sunday Funday! This week we are going straight into topics I see as current research blind spots. We are going to be focusing on Entra ID, aka Azure AD, and what evidence you can find when people run tools like Bloodhound/Sharphound. I look forward to your thorough responses as we work as a community to overcome the lack of knowledge.


The Prize:


$100 Amazon Gift Card
An appearance on the following week's Forensic Lunch!

The Rules:

  1. You must post your answer before Friday 1/10/25 7PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed; please email them to [email protected]. Please state in your email whether you would like to remain anonymous if you win.
  7. In order for an anonymous winner to receive a prize, they must give their name to me, but I will not release it in a blog post

The Challenge:

What evidence is left behind in Azure when an attacker runs Bloodhound or any derivative like Sharphound? You should document at least two scenarios:

1. Default logging

2. Turning on any optional logging you want to test.

Your response can be a link to your own blog, an email, a document, etc. Bonus points if you point out specific indicators that can be searched for or alerted on.


Article source: https://www.hecfblog.com/2025/01/daily-blog-709-sunday-funday-1525-entra.html