Cloud Events/Breaches
CSA Instructor
Jon-Michael C. Brook
Posted Sep 23, 2021 07:45:00 AM
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Autodiscover, a protocol used by Microsoft Exchange for automatic configuration of clients such as Microsoft Outlook, has a design flaw that causes the protocol to "leak" web requests to Autodiscover domains outside of the user's domain but in the same TLD (i.e. Autodiscover.com).
Guardicore Labs acquired multiple Autodiscover domains with a TLD suffix and set them up to reach a web server that we control. Soon thereafter, we detected a massive leak of Windows domain credentials that reached our server.
Between April 16th, 2021 to August 25th, 2021 we have captured:
- 372,072 Windows domain credentials in total.
- 96,671 UNIQUE credentials that leaked from various applications such as Microsoft Outlook, mobile email clients and other applications interfacing with Microsoft's Exchange server.
https://twitter.com/0xdabbad00/status/1440350320060633088?s=20
Cloud vulns of the past 4 weeks:
Azure:
- ChaosDB: https://twitter.com/sagitz_/status/1431042325321560066
- Azurescape: https://twitter.com/yuval_avrahami/status/1435909305203634179
- OMIGOD: https://twitter.com/nirohfeld/status/1437847403315535885
- Log Analytics role privesc: https://t.co/xOrS88PbHL?amp=1
GCP:
- IAP: https://cloud.google.com/support/bulletins#gcp-2021-020
- org policies bypass: https://twitter.com/NightmareJS/status/1436486797832425480
AWS:
- WorkSpaces client RCE: New Rhino Blog: CVE-2021-38112: AWS WorkSpaces Remote Code Execution https://bit.ly/3kzeyr7
------------------------------
Jon-Michael C. Brook CISSP, CCSK, AWS Solutions Arch
------------------------------
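
A defender-side check for the Autodiscover leak described in the Guardicore excerpt above, as an added example that is not part of the original post or of Guardicore's research: it scans proxy log lines for requests to hosts whose first label is `autodiscover` but which fall outside the organisation's own domains. The log format, `OWNED_DOMAINS` and every sample line are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation owns and serves Autodiscover for.
OWNED_DOMAINS = {"example.com", "corp.example.org"}

# Constructed sample proxy log, format: "<timestamp> <client> <method> <url>"
SAMPLE_LOG = """\
2021-09-23T07:45:01Z 10.0.0.12 POST https://autodiscover.example.com/Autodiscover/Autodiscover.xml
2021-09-23T07:45:02Z 10.0.0.12 POST https://Autodiscover.com/Autodiscover/Autodiscover.xml
2021-09-23T07:45:03Z 10.0.0.40 GET https://www.example.net/index.html
2021-09-23T07:45:04Z 10.0.0.77 POST http://autodiscover.org:80/Autodiscover/Autodiscover.xml
2021-09-23T07:45:05Z 10.0.0.77 POST https://autodiscover.mail.corp.example.org/autodiscover/autodiscover.xml
malformed line
"""


def is_owned(host, owned):
    """True if host is an owned domain or a subdomain of one (label-aligned)."""
    return any(host == d or host.endswith("." + d) for d in owned)


def leaked_autodiscover_requests(log_text, owned=OWNED_DOMAINS):
    """Return requests sent to autodiscover.* hosts outside the owned domains."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url = parts
        split = urlsplit(url)
        # urlsplit lowercases the hostname and drops any port
        host = (split.hostname or "").rstrip(".")
        if host.split(".")[0] != "autodiscover":
            continue  # not an Autodiscover endpoint
        if is_owned(host, owned):
            continue  # expected traffic to the organisation's own endpoint
        findings.append({"time": ts, "client": client,
                         "host": host, "scheme": split.scheme})
    return findings


if __name__ == "__main__":
    for f in leaked_autodiscover_requests(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} -> {f['scheme']}://{f['host']}")
```

Hosts flagged this way are candidates for a DNS or egress block, and the listed clients are the ones whose credentials may have left the network.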