When MFA isn’t an option: The legacy of ROPC - Red Canary
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 2b139c47-4df9-4ac6-9405-bfe30cb9e679 |
| Fingerprint | 2f13de110ef2e9d5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 14, 2023, midnight |
| Added to db | June 14, 2023, 5:33 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | When MFA isn’t an option: The legacy of ROPC |
| Title | When MFA isn’t an option: The legacy of ROPC - Red Canary |
| Detected Hints/Tags/Attributes | 43/1/39 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://redcanary.com/blog/ropc-legacy-authentication/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 360 | ✔ | Red Canary | https://www.redcanary.co/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 369 | microsoft.com |
|
| Details | Domain | 61 | login.microsoftonline.com |
|
| Details | Domain | 1 | thisiswhywecanthavenicethings.onmicrosoft.com |
|
| Details | Domain | 32 | graph.microsoft.com |
|
| Details | Domain | 1 | appcatalog.read |
|
| Details | Domain | 2 | informationprotectionpolicy.read |
|
| Details | Domain | 5 | people.read |
|
| Details | Domain | 1 | place.read |
|
| Details | Domain | 1 | graphpermissions.merill.net |
|
| Details | Domain | 1 | permissions.name |
|
| Details | Domain | 1 | rootdrive.id |
|
| Details | Domain | 1 | rootdriveitem.id |
|
| Details | Domain | 1 | rootdrivechildren.id |
|
| Details | Domain | 2 | application.read |
|
| Details | Domain | 1 | thiiswhywecanthavenicethings.onmicrosoft.com |
|
| Details | 1 | unfortunatevictim@thisiswhywecanthavenicethings.onmicrosoft.com |
||
| Details | 1 | unfortunatevictim@thiiswhywecanthavenicethings.onmicrosoft.com |
||
| Details | File | 1 | 0.avi |
|
| Details | File | 1 | dumpedfile.txt |
|
| Details | Url | 1 | https://login.microsoftonline.com/microsoft.com/.well |
|
| Details | Url | 3 | https://login.microsoftonline.com/organizations/oauth2/v2.0/token |
|
| Details | Url | 3 | https://graph.microsoft.com/.default |
|
| Details | Url | 2 | https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token |
|
| Details | Url | 1 | https://graph.microsoft.com/appcatalog.read.all |
|
| Details | Url | 2 | https://graph.microsoft.com/channel.readbasic.all |
|
| Details | Url | 1 | https://graph.microsoft.com/contacts.readwrite.shared |
|
| Details | Url | 2 | https://graph.microsoft.com/files.readwrite.all |
|
| Details | Url | 2 | https://graph.microsoft.com/informationprotectionpolicy.read |
|
| Details | Url | 1 | https://graph.microsoft.com/mailboxsettings.readwrite |
|
| Details | Url | 1 | https://graph.microsoft.com/notes.readwrite.all |
|
| Details | Url | 2 | https://graph.microsoft.com/people.read |
|
| Details | Url | 1 | https://graph.microsoft.com/place.read.all |
|
| Details | Url | 1 | https://graph.microsoft.com/sites.readwrite.all |
|
| Details | Url | 1 | https://graph.microsoft.com/tasks.readwrite |
|
| Details | Url | 1 | https://graph.microsoft.com/team.readbasic.all |
|
| Details | Url | 1 | https://graph.microsoft.com/teamsappinstallation.readforteam |
|
| Details | Url | 1 | https://graph.microsoft.com/teamstab.create |
|
| Details | Url | 2 | https://graph.microsoft.com/user.readbasic.all |
|
| Details | Url | 1 | https://graphpermissions.merill.net/permission/files.readwrite.all |