
Commit

Merge pull request #846 from nterl0k/nterl0k-pingid-mfa
Nterl0k pingid mfa
patel-bhavin authored Oct 25, 2023
2 parents 3fe78ae + aa5a930 commit 84a7d27
Showing 3 changed files with 22 additions and 0 deletions.
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1621/pingid/pingid.log
Git LFS file not shown
16 changes: 16 additions & 0 deletions datasets/attack_techniques/T1621/pingid/pingid_dataset.yml
@@ -0,0 +1,16 @@
author: Steven Dick
id: 050d14b8-455d-43a8-9d99-9c38f8afd73c
date: '2023-09-26'
description: 'Detection of a few common MFA abuse scenarios with datasets from pindID'
environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1621/pingid/pingid.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1621/pingid/windows_pw_reset.log
sourcetypes:
- _json
- WinEventLog:Security
references:
- https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/defend-your-users-from-mfa-fatigue-attacks/ba-p/2365677
- https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
- https://twitter.com/jhencinski/status/1618660062352007174
- https://docs.pingidentity.com/r/en-us/pingoneforenterprise/p14e_subscriptions?tocId=3xhnxjX3VzKNs3SXigWnQA
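Review bot: The description value misspells the product as "pindID"; the directory and log file are named "pingid", so this should read "PingID". The dataset and sourcetypes lists each carry two entries with nothing stating which sourcetype applies to which log file. Presumably _json goes with pingid.log and WinEventLog:Security with windows_pw_reset.log, but saying so in the description (or in a comment) would remove the guesswork for anyone replaying the data. The description also says "a few common MFA abuse scenarios" without naming them; listing the scenarios covered, and what role the Windows password reset log plays alongside the PingID events, would make the dataset easier to match to detections.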
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1621/pingid/windows_pw_reset.log
Git LFS file not shown
