| 技术论坛 |
|
|
| ≡技术区≡ ① |
| DELPHI技术 |
| 移动应用开发 |
| Web应用开发 |
| 数据库专区 |
| 报表专区 |
| 网络通讯 |
| 开源项目 |
| 论坛精华贴 |
| ≡发布区≡ ② |
| 发布代码 |
| 发布控件 |
| 文档资料 |
| 经典工具 |
| ≡事务区≡ ③ |
| 网站意见 |
| 盒子之家 |
| 招聘应聘 |
| 信息交换 |
| 论坛信息 |
|||
|
| 导航: | 论坛 -> DELPHI技术 斑竹:liumazi,sephil | |||||
| 作者: |
|
2023/3/24 22:25:44 | ||||
| 标题: |
|
加入我的收藏 | ||||
| 楼主: | Use this Python utility developed by CISA to detect hacking in Microsoft cloud environments! The discovery of vulnerabilities in Microsoft's cloud environments isn't exactly uncommon (just like cloud platforms developed by other vendors). In the past, we have seen critical vulnerabilities being patched in various Azure services including Azure Container Instances (ACI), Azure Automation, and Cosmos DB. Now, the U.S. Cybersecurity and Infrastructure Agency (CISA) has recommended the use of a Python-based utility to detect vulnerabilities specifically in Microsoft cloud environments. The utility in question is dubbed "Untitled Goose Tool" and is developed in collaboration with the U.S. Department of Energy's Sandia National Laboratories. Untitled Goose Tool can be useful in determine signs of hacking in various Microsoft cloud environments including Azure, Microsoft 365, and Azure Active Directory (AAD). It leverages various sophisticated hunting queries and can be used in tandem with other Microsoft detection and analysis tools to identify signs of exploitation. Its capabilities are listed below: -- Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity. -- Query, export, and investigate AAD, M365, and Azure configurations. -- Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics. -- Perform time bounding of the UAL. -- Extract data within those time bounds. -- Collect and review data using similar time bounding capabilities for MDE data. Untitled Goose Tool can be downloaded from the GitHub repository here. Along with offering detailed installation and usage instructions, CISA has also recommended that the utility should be run in virtual environments. sources  https://github.com/cisagov/untitledgoosetool---------------------------------------------- The higher the degree, the greater the respect given to the humblest!RAD 11.3 |
|||||
| 信息 |
| 登陆以后才能回复 |
