all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Directory.ReadWrite.All Is Not As Powerful As You Might Think

Add to bookmarks
Feb. 12, 2024, 6:10 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the Global Admin Entra ID role.

Why it matters


  • Azure admins and security professionals may put undue focus on this permission at the expense of more impactful permissions

  • Those more impactful permissions may go ignored, leaving potentially dangerous configurations in place

Yes, but…


  • Directory.ReadWrite.All does grant some privileges, and those privileges can lead to dangerous attack paths depending on other …

admin azure directory entra entra id focus global graph high may permission permissions privilege professionals readwrite role security security professionals

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Dissecting Windows Malware Series – RISC vs CISC Architectures – Part 4 4 minutes ago | malware.news
architectures cisc gains history +7
The life and times of an Abstract Syntax Tree 14 minutes ago | malware.news
artificially intelligent can clear compiler +12
Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online 15 minutes ago | malware.news
article attack cybercriminals hacker +12
Strengthening Cloud Security Together: Meet the Runtime Insights Partner Ecosystem 35 minutes ago | malware.news
cloud cloud security collaboration cybersecurity +18
North American, European critical infrastructure facing pro-Russia hacktivist threats 44 minutes ago | malware.news
agriculture america american article +37
RSA Conference 2024 Preview: The Sessions to See This Year an hour ago | malware.news
article brian conference episode +12
Senators Reprimand UnitedHealth CEO in Ransomware Hearing an hour ago | malware.news
attack ceo change change healthcare +17
Prisma SASE 3.0 — Securing Work Where It Happens an hour ago | malware.news
application coffee corporate corporate network +19
Deepfakes and AI-Driven Disinformation Threaten Polls 3 hours ago | malware.news
access article campaigns deepfakes +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs