Posts

Kill M365 Password Spraying: Why You Must Disable Exchange SMTP Basic Auth

🛡️ Summary

Password spraying attacks thrive on legacy protocols like Basic Authentication. While Microsoft disabled Basic Auth for most Exchange Online endpoints in 2022, SMTP AUTH remains a critical exception and a prime target. This post explains why, and how to audit, restrict, and shut it down.

🔍 What Are Exchange Authentication Policies?

Exchange authentication policies are configuration objects in Exchange Online that let administrators disable Basic Authentication per protocol, either as the tenant default or for specific users. These policies operate at the protocol layer: Exchange rejects the Basic Auth request itself, so it never reaches Microsoft Entra ID. This is different from Conditional Access, which evaluates sign-in attempts at the identity layer, after the credentials have already been presented. Authentication policies are more effective for legacy protocol hardening because they cut off Basic Auth at the source.

🔓 Why Basic Authentication Is Dangerous

Sends the username and password on every request as a Base64-encoded string, which is an encoding, not encryption, and is trivially reversed by anything that can read the connection (a client talking without TLS, an intercepting proxy). Doesn't support M...
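As an added example, not code from the original post: an Exchange Online PowerShell session that audits, restricts and then disables SMTP AUTH Basic Auth in the order the summary describes. It assumes the ExchangeOnlineManagement module and an Exchange Administrator role; the policy names and the svc-scanner@contoso.com exception mailbox are placeholders.

```powershell
# Added example (not from the original post): audit, restrict and disable
# SMTP AUTH Basic Auth in Exchange Online. Requires the ExchangeOnlineManagement
# module and an Exchange Administrator role. Policy names and
# svc-scanner@contoso.com are placeholders.
Connect-ExchangeOnline

# 1. Audit. SMTP AUTH has a tenant-wide switch plus a per-mailbox override.
#    On a mailbox, SmtpClientAuthenticationDisabled is tri-state:
#    blank = inherit the tenant setting, $true = blocked, $false = allowed.
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object PrimarySmtpAddress, SmtpClientAuthenticationDisabled

# 2. Restrict at the protocol layer. A new authentication policy blocks Basic
#    Auth for every protocol unless an -AllowBasicAuth* switch is given, so
#    this one leaves nothing open, and it becomes the tenant default.
New-AuthenticationPolicy -Name "Block Legacy Auth" | Out-Null
Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Legacy Auth"

# 3. Shut SMTP AUTH down tenant-wide. Devices that genuinely cannot do OAuth
#    (a scanner, for instance) get a per-mailbox exception AND a narrow policy
#    that permits only Basic Auth over SMTP, so the remaining exposure is a
#    short, auditable list instead of every mailbox.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true
New-AuthenticationPolicy -Name "Allow Basic SMTP Only" -AllowBasicAuthSmtp | Out-Null
Set-CASMailbox -Identity svc-scanner@contoso.com -SmtpClientAuthenticationDisabled $false
Set-User -Identity svc-scanner@contoso.com -AuthenticationPolicy "Allow Basic SMTP Only"

# Policy assignments can take up to 24 hours to apply; forcing a token
# refresh applies them right away.
Set-User -Identity svc-scanner@contoso.com -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# 4. Verify. The only mailboxes still allowing SMTP AUTH should be the
#    documented exceptions, and every user should carry the blocking policy
#    unless deliberately assigned the SMTP-only one.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object PrimarySmtpAddress
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy -and $_.AuthenticationPolicy -notlike "*Block Legacy Auth*" } |
    Select-Object UserPrincipalName, AuthenticationPolicy
```

Step 3 matters more than it looks: disabling SMTP AUTH tenant-wide without the per-mailbox exception breaks legitimate senders, while granting the exception without the matching authentication policy does nothing, because the default policy still rejects the Basic Auth request before it reaches the mailbox setting.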

UniFi Gateway + NordVPN + AdGuard: Domain-Based Routing Setup

🔐 Summary

If you're running a UniFi Gateway and want to route traffic for specific domains (like geo-restricted streaming) through a NordVPN tunnel, while using AdGuard Home for DNS filtering, this guide walks you through the full configuration, from VPN client setup to DNS forwarding and policy-based routing. In this post, I'll use example.com to represent a domain that I want to route across a VPN tunnel.

Note: This method can work with any combination of VPN provider and external DNS. If you're just using the UniFi gateway for DNS, it's even simpler.

🧭 Overview

Goal: Route all traffic to example.com and its subdomains through NordVPN.

Tools Used:
- UniFi Cloud Gateway (or any next-gen UniFi gateway)
- NordVPN (OpenVPN)
- AdGuard Home (DNS filtering and conditional forwarding)

1. Configure NordVPN as a Client on UniFi Gateway

✅ UI-Based Setup (No SSH Required)

Navigate to UniFi Network > Sett...

Automating Azure AD B2B Invites with Approval Workflow

The Problem

Users want to collaborate with external parties. You have a few options to accomplish this:
- Share anonymously
- Share with any authenticated user
- Share with an existing authenticated user
- Share with the organization only

None of these work well when security and scale are both required. The best of both worlds would be to let your end users request access for an external user and then kick off an approval workflow. If approved by the appropriate parties, a B2B invite is automatically sent to the desired email address. Once invited, the user can then share with that account. This assumes your org is configured so sharing is only possible with existing external accounts.

The Solution

With an Office 365 subscription, you get a product called Microsoft Flow. Most people just equate this to being Microsoft's attempt at creating an IFTTT knock-off. However, it's so much more than that. You can, in essence, build out an entirely serverless API that you can inte...
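As an added example, not code from the original post (the post builds this in Microsoft Flow): the final step of the workflow, sending the B2B invite only for an approved request, written as a PowerShell function against the Microsoft Graph invitations endpoint. It assumes the Microsoft.Graph module and the User.Invite.All permission; the approved partner domain list, the redirect URL and the sample requests are constructed placeholders, and the domain check is an added safeguard rather than something the post describes.

```powershell
# Added example (not from the original post): the invite step that runs
# once a request has been approved, as a PowerShell function instead of a
# Flow action. Requires the Microsoft.Graph module and User.Invite.All.
# The partner-domain list, redirect URL and sample requests are placeholders.
Connect-MgGraph -Scopes "User.Invite.All"

# Added safeguard: only invite guests from domains the business has already
# approved, so a rubber-stamped approval cannot onboard a consumer account.
$ApprovedPartnerDomains = @("fabrikam.com", "partner.example")

function Send-ApprovedGuestInvite {
    param(
        [Parameter(Mandatory)] [string] $Email,
        [Parameter(Mandatory)] [bool]   $Approved,
        [string] $RedirectUrl = "https://contoso.sharepoint.com"
    )

    # Nothing happens until the approvers have said yes.
    if (-not $Approved) {
        Write-Warning "Request for $Email was not approved; no invite sent."
        return $null
    }

    # Validate the address and extract its domain for the allow-list check.
    if ($Email -notmatch '^[^@\s]+@([^@\s]+)$') {
        throw "Not a valid email address: $Email"
    }
    $domain = $Matches[1].ToLowerInvariant()
    if ($domain -notin $ApprovedPartnerDomains) {
        throw "Domain '$domain' is not an approved partner domain; refusing to invite $Email."
    }

    # Create the B2B invitation and let Entra ID email the redemption link.
    New-MgInvitation -InvitedUserEmailAddress $Email `
                     -InviteRedirectUrl $RedirectUrl `
                     -SendInvitationMessage
}

# Constructed sample requests standing in for the approval workflow's output.
$requests = @(
    @{ Email = "alice@fabrikam.com";    Approved = $true  }   # invited
    @{ Email = "bob@gmail.com";         Approved = $true  }   # refused: not a partner domain
    @{ Email = "carol@partner.example"; Approved = $false }   # skipped: not approved
)

foreach ($r in $requests) {
    try {
        $inv = Send-ApprovedGuestInvite -Email $r.Email -Approved $r.Approved
        if ($inv) { "Invited $($r.Email); status: $($inv.Status)" }
    }
    catch { Write-Warning $_ }
}
```

Keeping the invite behind both the approval flag and a domain allow-list means the approval workflow decides who may be invited, while the code guarantees that even an approved request cannot reach a domain the organization never agreed to collaborate with.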