Re: More to this than meets the eye
I remember listening to a podcast some years back of a couple of security researchers talking about what the new year holds, and one of them said "there would be more corporate breaches", but the other corrected him, "there will be more corporates 'finding out' they've been breached"
In other words, most organisations have no idea what is going on inside their networks.
If I were a hacker, once in, I would pivot around for persistence, carefully shimmy around between the walls, listening to conversations and get an understanding of organisational relationships.
With this knowledge, I would formulate a plan to monetise my efforts
Literally all it would take is access to a admin O365 account with no 2FA enabled, which is probably all O365 admin accounts, considering Microshits shenanigans
Phishing is so much easier this way
Why use a net when you can use a sniper rifle
Biting the hand that feeds IT
