The Inner Circle

Expand all | Collapse all

NSA Detecting Abuse of Authentication Mechanisms

  • 1.  NSA Detecting Abuse of Authentication Mechanisms

    Posted Dec 18, 2020 01:29:00 AM
      |   view attached

    Hi All,

    The NSA published Detecting Abuse of Authentication Mechanisms which discusses how malicious cyber actors are abusing trust in federated authentication environments to access protected data. The exploitation occurs after the actors have gained initial access to a victim's on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources. The actors demonstrate two sets of tactics, techniques, and procedures (TTP) for gaining access to the victim
    network's cloud resources, often with a particular focus on organizational email.



    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: NSA Detecting Abuse of Authentication Mechanisms

    Posted Dec 24, 2020 04:00:00 AM

    Might be also good to add to that that NSA released this in response to the SolarWinds events and following breaches.

    Thanks for sharing Michael!



    ------------------------------
    Saan Vandendriessche CCSP | CISSP | CRISC
    Brussels - Belgium
    ------------------------------



  • 3.  RE: NSA Detecting Abuse of Authentication Mechanisms

    Posted Dec 25, 2020 01:21:00 PM

    Thanks Michael, this is a good read.



    ------------------------------
    Abhishek Vyas
    Security Architect
    Admiral
    ------------------------------



  • 4.  RE: NSA Detecting Abuse of Authentication Mechanisms

    Posted 30 days ago

    Thanks for sharing Michael!



    ------------------------------
    Sagy Langer
    Owner
    Networx IT Solutions
    ------------------------------