Post AnyLn0gAIeirnucXjc by [email protected] | |
Post #AnxvXGSbGCyRJ66hNo by [email protected] | |
0 likes, 0 repeats | |
Anybody else seeing Microsoft Azure Active Directory Connect account bruteforce… | |
Post #Anxxg6dLMhFrLQTZZY by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog I see a small spike at the beginning of November, but less than 100… | |
Post #AnxyUU0iiwaOKIQq5g by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog yup, spraying attempts mostly from RU | |
Post #Any53ezWUOlWF71qbo by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Yes, started 23/10. All VN + RU addresses, but each IP is only see… | |
Post #Any7P72ra3m7EvwqpM by [email protected] | |
0 likes, 0 repeats | |
For clarity on this one, there’s no reason standard users or admins should be… | |
Post #Any9FKlhu23IoYO9JY by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog I see the same activity starting in April and still ongoing | |
Post #AnyCiJQeGK48v632WG by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog I see a lot of legitimate activity from sync accounts. Otherwise I… | |
Post #AnyGPb70gxFu4uC5aK by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Multiple hundred attempts in the last 30 days, 90% from RU, some f… | |
Post #AnyJvYaJvItBMwpnqS by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Is it possible that MS excluded that app from their brute force pr… | |
Post #AnyJxWHlRWXIoj5hrM by [email protected] | |
0 likes, 1 repeats | |
I think Microsoft security peeps may want to go through their logs for Microsof… | |
Post #AnyLn0gAIeirnucXjc by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Same. All hits are RU and VN using the browser "Rich Client 4… | |
Post #AnyMWUZxylMJZJPPaS by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog April-May, drop off in June, spike in July and drop off until the … | |
Post #AnyTtmQiTYDpGt8MPg by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Yes we are seeing them too. The accounts tried overlap with those… | |
Post #AnyUWSltV00nazU8Lg by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog 5 events total for the past 30 days. All from RU, all different IP… | |
Post #AnyYx3mwtPoRkPus9g by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog It goes back to at least July, BTW. | |
Post #AnyoegTeQJCdVG9KL2 by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Some basic questions from a basic guy: Does MS provide functionalit… | |
Post #AnyyQFFzpVrWZJW46i by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Thank you. | |
Post #Anz18MgzkJcgHNJIlU by [email protected] | |
0 likes, 0 repeats | |
@danrubins @GossiTheDog If you have older logs, it may be worth looking back fu… | |
Post #Anz1GKKkOrLxHQhVfk by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog @danrubins Cold storage for Splunk. But yeah, I know I'm lucky… | |
Post #Anz3NNprygys4okaiO by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Also check out who’s being targeted and if any of your internal … | |
Post #AnzXr1g9uwRkfhG8Bc by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Yes can see events from 23/10 but not a large volume. All VN + RU … | |
Post #AoAYxLW3JWuucpfVxI by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog We started running these queries on the 14th after seeing this sha… |