Our Red Team found multiple ways to get around SharePoint’s “Restricted View” and exfiltrate data. Here's how...
 
Jack walks through Red Team methods using OCR and screenshots, Copilot, browser tricks, and HTML scraping to keep and collect data.
 
No matter the file type (TXT, PPTX, XLSX), there's a way...
 
Read here: https://www.pentestpartners.com/security-blog/bypassing-sharepoint-restricted-view-to-exfiltrate-data/
 
If you’re relying on “Restricted View” to protect sensitive data, it’s time to rethink.
 
#redteam #cybersecurity #infosec #sharepoint #microsoft365 #datasecurity #restrictedview #copilot

Bonjour le #fediverse. Connaissez-vous une version libre ou au moins non-GAFAM de #sharepoint ? Merci !!

OMG. #Microsoft #Copilot bypasses #Sharepoint #security so you don’t have to!

“CoPilot gets privileged access to SharePoint so it can index documents, but unlike the regular search feature, it doesn’t know about or respect any of the access controls you might have set up. You can get CoPilot to just dump out the contents of sensitive documents that it can see, with the bonus feature* that your access won’t show up in audit logs.”

The S in CoPilot stands for Security!

https://pivotnine.com/the-crux/archive/remembering-f00fs-of-old/

Microsoft Copilot for SharePoint just made recon a whole lot easier.
 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
 
It opened the door to credentials, internal docs, and more.
 
All without triggering access logs or alerts.
 
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
 
That’s a problem.
 
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
 
Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

Microsoft erhöht Preise für On-Premises-Server

Microsoft erkennt an, dass es Kunden gibt, die On-Premises-Installationen benötigen. Die sollen dafür aber tiefer in die Tasche greifen.

https://www.heise.de/news/Microsoft-erhoeht-Preise-fuer-On-Premises-Server-10345544.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

So, I'm finally, after all these years of being able to avoid it, having to dig in and try to build some SharePoint wiki pages.

Why is the default so ugly and seeming to lack typical margin in a lot of places? And am I searching for the wrong terms or is it really incredibly stupid what you have to do to customize the CSS for the pages? I really don't want to waste too much of my time learning SharePoint. This sucks.

iX-Workshop: Microsoft Teams professionell einrichten und administrieren

Lernen Sie, wie Sie mit Microsoft Teams eine sichere und effiziente Arbeitsumgebung einrichten, verwalten und an die Bedürfnisse des Unternehmens anpassen.

https://www.heise.de/news/iX-Workshop-Microsoft-Teams-professionell-einrichten-und-administrieren-10286783.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Good morning fuzzies, time to get back to the #powerplatform and #sharepoint mines after vacation. My philosophy class also starts today which is basically all reading and writing, not a single integral or series... what a bummer

I used to say that I miss #SharePoint Server 2013 because #Kerberos was a lot less trouble than anything else currently in use for authentication.

But now with all this AI being put into everything I can say #SharePointServer 2013 has never looked sexier before today!

There are days I dislike #Sharepoint, and then there are days that I loathe it.

Hey, you know how Microsoft is obsessed with SharePoint, and Teams is implemented in SharePoint?

Is OneDrive a SharePoint app too?!

#SharePoint Lookup columns are special, unless you love [object Object], be sure to use [$Column.lookupValue]
*sigh*

One positive thing about my work doing #SharePoint List customization and non standard project front-ends because my org is too afraid of #PowerPlatform is that none of the #AI systems can code for it because its so obtuse and niche

I am avoiding building my
#jira timeline today... by building a custom list view dashboard in
#sharepoint