User Profile
Zer0
Copper Contributor
Joined Apr 16, 2018
User Widgets
Recent Discussions
An actor on NULL - ATP
I’m getting a lot of these messages below, I’m not sure what to do with them, tracing via my siem the process involved is lsass.exe, my suspicion is that it is Rapid7 performing vulnerability scans but just wanted to check if anyone else had similar issues? An actor on NULL performed suspicious account enumeration, exposing Guest, while trying to access <computer> clicking on null, as expected produces an error.Re: Teams Abusive behaviour on video calls
Thanks Christian, I've been through it several times to get them as locked down as much as possible, which they are, but that "Anonymous can join meetings" option appears tenant wide. Is there a way to disable it per team via a PoSH cmdlet?1.9KViews0likes1CommentRe: Teams Abusive behaviour on video calls
CoasterKaty When I look through the debug data I can see the client is the webclient, when I lookup the Connectivity_LocalSite ip it resolves to Microsofts subnets, it is also evident in those debug logs that the webclient runs on VMs in Microsofts infrastructure quite fascinating reading really. I did take the IP and look it up on cloud app security just to confirm my suspicions. I might log a ticket is MS support to see if there's a way I can resolve a web client anonymous user back to a real IP. In your case were students using the full app?1.9KViews0likes1CommentTeams Abusive behaviour on video calls
Hi Folks, I believe we're suffering teamsbombing, we have a situation whereby a video call is starting up for a team of students, the students are getting the meeting info for the team from either the invite URL or the ellipsis menu\meeting info, they are then firing up an incognito browser session and then joining as anonymous users using different names or names of other students. This is very distracting for the teaching staff. I've disabled guest access via POSH for the team but that doesn't appear to flow down to a video call, we need guest access on overall for the tenant for serveral other business reasons. Are there any work arounds or fixes?2.2KViews0likes6Comments
Recent Blog Articles
No content to show