Office 365

Indicators of Compromise: O365 Mailbox Forwarding and Rules

NOTE: This blog refers to several Microsoft products that require special licensing. Be sure to check your individual licensing to fully comprehend which features are available to you. Office 365 (O365) has become a recurring favorite and at times the main focus of common threat actors. Once credentials are compromised through tactics like phishing, it …

Azure Active Directory

Password Changed, but Account Still Compromised?

NOTE: This article only relates to organizations with an on-premise Active Directory that sync passwords to Azure Active Directory. Have you ever come across an account where there was an indicator of compromise (IOC) and the account’s password was changed, but the compromise still continued? If not, you may have just been getting lucky in …