@GergelyOrosz Weird take for a guy whos company literally profits from the fact the more we work the more we use his software. Wonder if Zoom will come out with a license model that only lets you use it 3 days a week….
Reading Microsoft’s new Void Blizzard report, one thing stands out (again): Everything is about credential theft, phishing, and tokens. Initial access comes from buying or stealing creds - often through low-effort phishing. All the real action happens in the cloud, not on endpoints.
Gone are the days of multi-stage attacks where you’d see lateral movement, privilege escalation, or fancy malware on file servers. Now it’s just: steal creds, log in to cloud, exfiltrate data, repeat. Detection? Only possible if you have access to expensive cloud logs. No logs, no chance.
The perimeter has shifted from endpoints to identity. The detection surface shrank from your whole network down to some logs you might get from your cloud provider if you pay extra. Honestly, not sure if that’s “progress” or just shifting the visibility problem somewhere else.
@systemdesignone@swapnakpanda If you take notes, at what point do you go back to read them? I try to do the same but then I rarely go back and read them
@wangbin579 It’s no different than why we say hello/hi when talking on the phone . It’s to confirm receive of message and sending of message to establish communication
@merill To be clear, would you recommend even breaking-glass GA to use a security key?
The guidance was/is GA should be password only incase MFA or other controls are are down.
@NathanMcNulty I been looking for this video! I gave it a shout out in a presentation I did providing about using winfw for network segmentation https://t.co/61qEXCAXOl
@DebugPrivilege Why even store the password? If the service breaks, simply reset the password with another GA account. Ideally the app would be set it and forget it, so no reason to record the password in a vault/pass mgr.