jonathandata1/microsoft_azure_personally_identifiable_info_leak jonathandata1/microsoft_azure_personally_identifiable_info_leak

  • Stars
    star
    32
  • Rank 801,539 (Top 16 %)
  • Language
  • Created about 3 years ago
  • Updated about 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
jonathandata1/microsoft_azure_personally_identifiable_info_leak
github

jonathandata1

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Microsoft Azure Told Me This Was No Big Deal, and by default users data from an organization you are part of is leaking in aad.portal.azure.com, the access in my report is not disabled by default and gives a general user the ability to create tenants, assign users to a tenant, assign roles, and invite external users. Most organizations do not even know these permissions exist. When I first found this data leak there were 100,000+ exposed PII points, and the organization immediately fixed it. When I reported this to Microsoft they said this is how it is supposed to work. Enjoy - Jonathan Scott

More Repositories

1

pegasus_spyware

decompiled pegasus_spyware
Smali
1,997
star
2

ios_15_rce

Remote Code Execution V1 For iOS 15 sent through airdrop after the device was connected to a trusted host
JavaScript
314
star
3

2022_beijing

Decompiled 2022 Beijing iOS & Android Apps
HTML
236
star
4

Goliad

OpenVPN Project Dynamically Pulling .ovpn configuration files for instant connections without the hassle of searching for a source
Shell
140
star
5

cyfon

bug bounty pull all subdomain data, hacker tools
Shell
127
star
6

pegasus_spyware_detection_utils_ios_aos

After extensive research and understanding of how Pegasus Spyware is operating inside of iOS and AndroidOS systems I have created tools that will be able to identify & validate the presence of the spyware on your mobile devices, and tablets. Initial detection points were derived from the mvt-project.
Roff
72
star
7

tyr

Android Recon & Research Tools
Shell
71
star
8

mobile_forensics

Methods & Tools for Mobile Malware Spyware & Forensics
Roff
60
star
9

atsend

Send AT Commands To Samsung & LG Devices Better Easier Than You Ever Imagined
Shell
36
star
10

departmentofdefense

A list of Department of Defense Endpoints to check for DoD VDP (Vulnerability Disclosure Program)
33
star
11

ios_15.0.2_RCE_V2.1

iOS 15.0.2 RCE v2.1 Airdrop Delivered Data Wipe
JavaScript
30
star
12

mass_data_parse

Parse Through Gigs of Data with 1 line of code!
Shell
29
star
13

phone_hacking_6

Phone Hacking Series 6 - iPhone Backdoor - binaries
Perl
25
star
14

ios_logging

Mobileconfigurations that you will need to get extensive iOS logs
22
star
15

ios_15.0.1_entitlements_dump

Full Dump of iOS 15.0.1 Entitlements
20
star
16

io

Monitor Live USB Plug In & Plug Out Events
Python
18
star
17

bash_deploy

Create BASH Script Binaries, Historical Versions of Your Scripts & Binaries, Never create an alias again, never use sh or ./ to execute a shell script anywhere in your terminal
Shell
18
star
18

ios_15.0.2_data_leak

ISO.org Data Leak Due to Apple's failure to validate link references from a 2015 code comment
18
star
19

iOS-15-Siri-Database-Persistance-When-Not-Enabled

Part of my iOS 15 experiment shows shows all the data that Siri is collecting even though I have NEVER enabled siri on my iPhone 11 Pro
14
star
20

android_wipe

Bypass Auth Android Data Wipe
14
star
21

Pegasus-CatalanGate-False-Positives

Using Citizen Lab and Amnesty's mvt-tool I detected false positive results of spyware infection due to manual manipulation of "known" malicious domains
13
star
22

verizon_data_leak

Verizon Media Data Leak - PII & PHI - Verizon Claims No Server Issue
10
star
23

Vendor-ID-Product-ID-Search

Easily Input Vendor ID's & Product ID's of USB Devices
Shell
10
star
24

Forging-Pegasus

Showing how MVT-Tool can create false positive Pegasus spyware results
8
star
25

cleanc0de

JavaScript
7
star
26

ghidra_dump

NSA ghidra tools strings dump
6
star
27

Car-Vin-Lookup

Easily Lookup Car Vin Data
5
star
28

verizon_samsung_auto_enable_adb

Verizon Spyware Tech
Shell
5
star
29

qhash

easily identify a hash or encoding by pasting the hash into your terminal
4
star
30

bad_keyboard_arduino

Turn your arduino into a bad keyboard that will execute keyboard strokes on plugin
3
star
31

MMS_Exploit_Endpoints

2
star
32

Amnesty-Investigations-Fact-Check

1
star