The Security Swarm Podcast

Microsoft vs Midnight Blizzard



During last week’s episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we're delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft's corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls.  

Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response.  

Timestamps: 

(2:00) – What does the attack chain for this breach look like? 

(7:11) – Timeline of the Attack 

(8:53) – Thoughts on Microsoft’s Response 

(18:55) – A Definition of an OAuth App and a Service Principal 

(27:36) – What do Admins need to do about this? 

(33:20) – Does the speed of change and the scale of Cloud Services negatively impact security? 

Episode Resources: 

Andy and Paul Discuss Malicious OAuth Apps

YouTube Video from Andy Robbins

BingBang 


The Security Swarm Podcast, by Hornetsecurity
