AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
The Cyber Threat Perspective
Episode 99: Tool Time - OneDriveEnum & AD Miner
Jul 3, 2024
Discover the innovative OneDriveEnum tool, designed for user account enumeration in Microsoft 365, revealing vulnerabilities in OneDrive. Learn advanced techniques for user enumeration, including permutated names and strategic mitigation strategies. Dive into AD Miner, an advanced Active Directory auditing tool, showcasing its user-friendly visuals and effective reporting. Explore the importance of proactive security measures like multi-factor authentication and geofencing to bolster defenses against potential threats.
37:05
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- OneDriveEnum effectively enumerates user accounts in Microsoft 365 by exploiting vulnerabilities, significantly enhancing initial access opportunities for penetration testers.
- AD Miner improves Active Directory auditing by generating detailed reports on vulnerabilities and attack paths, facilitating better security evaluations and compliance documentation.
Deep dives
Overview of OneDrive Enum Tool and Its Functionality
OneDrive Enum is a tool designed to exploit vulnerabilities in Microsoft OneDrive, particularly targeting organizational accounts. It effectively generates a vanity URL for users within an organization whenever files are saved via Microsoft applications, which can be exploited for user enumeration. By requiring knowledge of the organization's email format and domain, the tool can probe the SharePoint tenant for valid usernames through brute-force attacks, leveraging specific response codes to confirm their validity. Users report that tools like OneDrive Enum often yield new usernames not found through other open-source intelligence (OSINT) methods, enhancing initial access opportunities significantly.
Get the Snipd
podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any
moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share
& Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode