John Fitzpatrick AiTM Detection In recent years AiTM attacks have surged. They are currently the primary way we see organisations compromised and they are often extremely difficult... AiTM
John Fitzpatrick Tracking ClickFix Infrastructure Back in mid July we thought it would be interesting to track some ClickFix activity and see how the infrastructure supporting it compares with other adversary activity... Adversary Tracking ClickFix
Oleksandr Vengeruk Azure Front Door AiTM Phishing We see new phishing toolkits and infrastructures all the time. Most of them are following the same patterns and are easy to spot. But, just a couple of weeks ago, during... AiTM Azure Microsoft Phishing
John Fitzpatrick Where Conditional Access Risk Policies Fail... Microsoft provides a number of conditional access policy templates for organisations to deploy. They are mostly good, but one in particular has caused us some concern. That is this template which, in ... AiTM Conditional Access Policies Microsoft
John Fitzpatrick AiTM Non-Incident Report Recently one of our customers let us know that our AiTM feed had blocked what would otherwise have been a successful AiTM attack . The attack tricked a user into authenticating with active Adversary i... AiTM Conditional Access Policies Coudflare Incident workers.dev
