While testing, I was able to discover a broken 2FA authentication on a website.
Link to report: https://t.co/ZoATUqbQhp
It was quite an interesting process.
Major areas in the city like Ada George, Ozouba, Nta road, Sars road are living in total black out for days. No, let’s not act like everything is cool. No major update, no words from the Government to reassure residents. Is that how we will live ?
I have an opening, hear me out.
The reason as to why politicians dislike this modern age of technology and decentralized journalism is because of fact checking.
Imagine if something like this had been published in a newspaper 10 or 15 years ago. Almost everyone would have believed it because there was little or no way to fact-check it. Men who read newspapers at the newspaper stand will discuss about it. They will be shocked. They’ll go home to tell their families what happened in IMO State. The mainstream media practically had full control of the narrative.
But today, once something is posted, people can use technology to verify it almost immediately. Lies are uncovered. The mainstream media doesn’t have total control of what people see on the news.
The Nigerian Army said these photos were taken in Imo State, but the community note has said otherwise.
@instablog9ja This is as stupid as the current government. These soldiers need ammunition and advanced equipments to combat these terrorists not useless combat vehicles
The Most Dangerous Account in Your Environment Isn’t an Admin
Everyone fears the Domain Admin.
But attackers don’t start there.
They start with:
- The forgotten service account
- The backup operator
- The legacy integration account
- The temporary elevated user that was never removed
Those accounts don’t trigger alarms.
They look normal.
Most major breaches don’t begin with privilege escalation.
They begin with:
1. Credential reuse
2. Poorly scoped permissions
3. Stale accounts no one reviews
The attacker doesn’t need full control.
They just need:
- One account
- With one overlooked permission
- On one reachable system
That’s enough to move laterally.
Stop asking:
“Who are our admins?”
Start asking:
“Which non-admin accounts can quietly become dangerous?”
Audit:
- Service accounts with interactive logon rights
- Accounts excluded from MFA
- Backup operators
- Accounts with SPNs (Kerberoasting risk)
- Dormant but enabled users
Privilege isn’t just about titles.
It’s about pathways.
And attackers follow pathways, not organizational charts.
#CyberAttack