While investigating a different Azure AD vulnerability in December 2022, Secureworks Counter Threat Unit researchers discovered that stored NTHashes could be recovered via the Microsoft Graph API and decrypted using a certificate stored on Azure AD Domain Services (Azure AD DS) domain controllers.

Learn how to detect successful SSH brute force attacks and other advanced behaviors using the conditional bucket feature in CrowdSec Security Engine 1.5.