
Posts by Christopher Brumm


🚨 Global Secure Access β‰  β€œreplace VPN and done.”

I just published a new podcast with Chris Brumm where we break down real-world Microsoft GSA deployments 🧵👇

3 months ago 6 2 1 0

#ConsentFix is a great way for attackers to work around some protective layers but not all. @naunheim.cloud , @cbrhh.bsky.social and I wrote a blog post on detection and mitigations. Hope you find it useful and can adapt it to your environment.

www.glueckkanja.com/de/posts/202...

3 months ago 8 3 0 0

Take a look at the article I linked. It says: "Microsoft Entra Internet Access for Microsoft services capabilities are included in a Microsoft Entra ID P1 or Microsoft Entra ID P2 license."

1 year ago 0 0 0 0
Compliant Device Bypass in Microsoft Intune – Detection, Response & Mitigation In this blog post, glueckkanja's MVP Fabian Bader, Chris Brumm and Thomas Naunheim gather details about the Compliant Device Bypass in Microsoft Intune Company Portal. After additional research, they ...


@fabian.bader.cloud, @naunheim.cloud and I have also looked into the topic of TokenSmith and are describing the Blue Team perspective (including an effective detection) in this blog:
www.glueckkanja.com/blog/securit...

1 year ago 4 0 0 0
TokenSmith Meets Evilginx: Token Theft Combined with Entra Conditional Access Bypass YouTube video by SYNACK Time

Unfortunately, that was only a matter of time!

This video combines two of the most dangerous tools at the moment associated with phishing - and it's surprisingly simple!
www.youtube.com/watch?v=Dp1z...

Do we have defense options? Read on 👇

1 year ago 10 4 1 0
Continuous access evaluation in Microsoft Entra - Microsoft Entra ID Responding to changes in user state faster with continuous access evaluation in Microsoft Entra

A Compliant Network behaves like a Named Location and triggers the Continuous Access Evaluation trigger.
This will force the user to reauthenticate if the token is CAE enabled (and the Service is SharePoint Online).
-> learn.microsoft.com/en-us/entra/...
-> learn.microsoft.com/en-us/entra/...

4/4

1 year ago 0 0 0 0
Enable Compliant Network Check with Conditional Access - Global Secure Access Learn how to require known compliant network locations in order to connect to your secured resources with Conditional Access.

Why should you do this?

You get the option to protect your resources behind the compliant network control by configuring a Conditional Access policy
-> learn.microsoft.com/en-us/entra/...

According to my tests, this policy is really powerful at protecting against replayed tokens.

3/4

1 year ago 1 1 1 0
The Global Secure Access Client for Windows - Global Secure Access The Global Secure Access client secures network traffic at the end-user device. This article describes how to download and install the Windows client.

Means: you can install the Global Secure Access Client on all your clients and route the traffic to all the Microsoft Endpoints through GSA.
-> learn.microsoft.com/en-us/entra/...

The client is available for Windows, Mac, Android and iOS and it is really easy to deploy.

2/4

1 year ago 0 0 1 0
What is Global Secure Access? - Global Secure Access Learn how Microsoft's Security Service Edge (SSE) solution, Global Secure Access, provides network access control and visibility to users and devices inside and outside a traditional office.

Global Secure Access and Token Replay - a thread...

Did you know that "Microsoft Entra Internet Access for Microsoft" is included in your Entra ID P1 license?
-> learn.microsoft.com/en-us/entra/...

1/4

1 year ago 7 1 2 0
Use Defender XDR advanced hunting query capabilities to detect possible device compliance bypass attacks for Entra ID Conditional Access according to the vulnerability disclosed by Yuya Chudo (https:/...

gist.github.com/CloudProtect...

This one does a very good job because it considers if the device is joined/registered and only looks at the AADGraph. For this resource it's not normal that a non-registered device is accessing it.

1 year ago 2 1 0 0

Any tips? That's a really strange coincidence - ours needs to be replaced too...

1 year ago 0 0 1 0

I hope every SOC is monitoring incoming emails for signs of anomalous incoming mail amounts to your users. If this happens, the execution of any RMM by the target user is a high alert you should follow up on.

1 year ago 3 1 2 0

🔊 @cbrhh and I will be part of this year's Experts Live DK with our session: The state of passkey in 2025

#ELDK2025

conference.expertsli...

1 year ago 3 1 1 0

Great news! 🎉

I have the opportunity to speak in March at the #eldk2025 in Copenhagen!

I will do a comparison of Entra Private Access and a classic VPN solution and show why Global Secure Access is much closer to my understanding of Zero Trust Network Access.

Hope to see you there!

1 year ago 6 2 0 0