#PrincipleOfLeastPriviledge

2024-12-17

@jos1264

Nice article! Can't agree more on all of them and seen many of them in the wild:

📄 Default configurations of software and applications

⛔️ Improper separation of user/administrator privilege

🔎 Insufficient internal network monitoring

⚠️ Lack of network segmentation

🔄 Poor patch management

🔀 Bypass of system access controls

📱 Weak or misconfigured MFA methods

🎣 Lack of phishing-resistant MFA

🚫 Insufficient access control lists on network shares and services

🧼 Poor credential hygiene

👨🏼‍💻 Unrestricted Code Execution

#cybersecurity #NetworkAccessControl #patchmanagement #PrincipleOfLeastPriviledge #mfa #phishing #networksegmentation #networkmonitoring #hardening #codeexecution

2022-11-27

This #Microsoft article gives an excellent overview of their internal practices for securing #OneDrive, from the #PrincipleOfLeastPriviledge and #ZeroStandingPrivileges for employees to #PhysicalSecurity and #GeoRedundancy considerations for data centres. A good read for infosec students, I think! support.microsoft.com/office/h

censored for “transphobia” koherecoWatchdog@freeradical.zone
2021-01-28

@marathon the #PrincipleOfLeastPriviledge is *offensive*? Are you serious? That's almost like being offended by facts. It's a highly regarded principle in the #infosec industry.

censored for “transphobia” koherecoWatchdog@freeradical.zone
2021-01-28

@freemo @marathon In infosec we have a #PrincipleOfLeastPriviledge rule. That is, you don't extend trust where you don't need to. There is no need to trust a (proven untrustworthy) tech giant with petitioner's personal data.
