https://practical365.com/mercury-attack-april-2023/ Practical Office 365 News, Tips, and Tutorials Wed, 04 Oct 2023 19:36:00 +0000 hourly 1 https://wordpress.org/?v=6.6.1 https://practical365.com/mercury-attack-april-2023/#comment-259486 Thu, 13 Apr 2023 19:52:57 +0000 https://practical365.com/?p=58343#comment-259486 Is there any IoC to register on the organizations blacklist?

]]> https://practical365.com/mercury-attack-april-2023/#comment-259238 Mon, 10 Apr 2023 23:30:25 +0000 https://practical365.com/?p=58343#comment-259238 None of your users in on prem active directory should match/sync to a global admin in AzureAD or someone popping the domain gets to pop all your Azure resources as well.

]]> https://practical365.com/mercury-attack-april-2023/#comment-259222 Mon, 10 Apr 2023 17:56:40 +0000 https://practical365.com/?p=58343#comment-259222 The way the attackers started with a GA were by dumping in-memory credentials of the service accounts. So it would be good to have Credential Guard enabled on the Azure AD connect server. That would not allow dumping the creds from memory.

]]>