Posts

The most common authentication types

Cloud computing offers unparalleled flexibility and scalability for businesses, but with great power comes great responsibility: securing access to your valuable data and resources (OAuth, SAML, Tokens, Basic Auth). Here, I will explore some of the most common authentication types, each acting as a key to unlock secure access within the cloud.

How to exclude certain users from MFA in ADFS 3.0

Although we do not recommend excluding any users from 2FA, some organizations have their justifications for excluding certain users from MFA. ADFS 3.0 (Windows Server 2012 R2) has no GUI for applying such a policy, so you need to amend the claims rules via PowerShell; in Windows Server 2016 and later it is available in the GUI. Let us assume that you applied MFA by adding the group "Domain Users" in the edit authentication policy. To exclude specific users from MFA, create another security group, add the required users to it, then apply the custom rule below: 1: Get the SID of Domain Users "S-1-5-21domain-513" and of the EX_MFA group. 2: $MFAEX = 'exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "domain users' SID"]) && NOT exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "EX_MFA's SID"]) => issue (Type = "http://sche...

LDAP Injection

LDAP, the Lightweight Directory Access Protocol, is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model. The function of LDAP is to enable access to an existing directory (Microsoft). The major operations that can be performed over LDAP are: Add: add new data. Bind: authenticate (use LDAPS over port 636, not 389). Delete: delete data. Search and Compare. Unbind: close the connection. LDAP injection is similar in principle to a SQL injection attack; the main objective of LDAP injection is to exploit web application vulnerabilities in order to exfiltrate users' login names as well as other user information. This is an important step prior to a privilege escalation attack. Let us suppose that ABC company had an application called Rocky :). ...

Windows Incident Response (Practical - 11 Steps)

When a system encounters an incident, the common reaction among most people is to panic and jump straight into the system to find out the cause, hoping to get it back to normal working condition as soon as possible. In most cases, not all systems can afford the downtime of a full investigation before the most probable cause is known (SANS). In this post, I will elaborate basic steps that might help you expedite Windows Incident Response (IR). I have summarized the process in 11 steps. Let us assume that a machine named Desktop-ABC connected to the ABC domain was compromised and, as the lead incident responder on your system admin team, your task is to use incident response methodologies to determine what happened, identify any malicious files found on the system, and take the appropriate steps to resolve the issue. Let us start. After connecting to Desktop-...