Subscribe to the CyberThreatPOV Podcast

Episode 98: Current State of M365 Attacks – Initial Access

In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this.

Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session Hijacking, Adversary-in-the-Middle (AiTM) Attacks, OAuth Phishing, Legacy Authentication Protocols, App Passwords, Conditional Access Policies

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@CyberThreatPOV
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com