Sysadmin

394 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

founded 1 year ago

MODERATORS

[email protected]

Curious about best tools to find AAD leaks (sh.itjust.works)

submitted 1 year ago by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

As I'm sure many others have encountered, within days of creating any user in O365, they start receiving spam, phishing, and solicitation emails. Some of these bad actors have shown a very clear pattern to me, so it leads me to believe a team of bad actors may have found access to our GAL and will make regular attempts to scam our employees. I'm of course, also curious how I might find that employees with minimal outside communications (external communications are with specific individuals at client companies.)

Unfortunately, I haven't much experience with SecOPs, so I'm curious if anyone more experienced can suggest some good tools to recommend for me to do some digging into this. Tool/app platform doesn't matter, I've got Windows, Mac, and Linux machines available to utilize for testing.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago

Thanks for sharing! I didn’t know didigetpwned had a domain search option. I’ll have to check out the pricing. Could be a good passive tool for checking in on any compromised accounts.

O365 does have pretty good email filtering tools, but plenty does get right through them, surprisingly even the spoofs that fail domain validity checks can get through.