What Were You Observed in Your Corporate Network?

The group used a tunneller built on the t open source drop bare ss h client server application that this group installed on network appliances within the environment. They were using min credentials as well as impersonation rights. And they didn't start using this new method until, you know, there was a lot of public documentation about how to use service principles to authenticate tomaxof three 65. So it became pretty clear that they were adjusting their methodology to access to cloud when public reporting about other advance thread actors was made available.