Category: Exchange Online

Impersonation protected user upload script

Impersonation is when the sender of an email message looks similar to a real or expected sender’s email address. Attackers often use impersonated sender email addresses in phishing or other types of attacks to gain the trust of the recipient. User impersonation: Contains subtle differences in the email alias. For example, louiis@gmail.com impersonates louis@gmail.com. Anti-phishing Microsoft […]

Vlaanderen.be your SPF is a phishing problem!

A massive phishing campaign is targeting vlaanderen.be, impersonating their domain. It is common for phishing campaigns to impersonate government domains. However, during my investigation, I observed that the attackers were sending phishing emails from an IP address that was listed in the SPF record of vlaanderen.be. This video showcases the steps taken during the investigation […]

Detect security policy changes

Who changed my security baseline? Configuring your tenant with correct security policies that match the needs of your company or customer takes time and effort. But once everything is in place you can sleep on both ears… right? Unless other admins change the security baseline behind your back. This isn’t necessarily with bad intentions. Security […]

Legacy auth: how to tackle it!

Microsoft will disable basic auth on October 2022. There is no reason to wait with moving to modern auntill until Microsoft forces you to do so. There are BIG SECURITY RISK with using legy auth protocols. In this video I will be explaining where you can identity these protocols, explain the authentication mechanic that attackers […]