Latest articles
![hand tries accessing SharePoint files](https://info.varonis.com/hubfs/Blog_VTL-DataExfiltrationinSharepoint_202403_FNL.png)
Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Apr 09, 2024
Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.
![SID injection attack](https://info.varonis.com/hubfs/Blog_SyntheticSIDAttack_202203_FNL.png)
Is this SID taken? Varonis Threat Labs Discovers Synthetic SID Injection Attack
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Mar 11, 2022
A technique where threat actors with existing high privileges can inject synthetic SIDs into an ACL creating backdoors and hidden permission grants.
![](https://info.varonis.com/hubfs/Blog_PowerAutomate_BlogHero_FNL.png)
Using Power Automate for Covert Data Exfiltration in Microsoft 365
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Feb 02, 2022
How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.
![](https://info.varonis.com/hubfs/Imported_Blog_Media/Using-Malicious-Azure-Apps-to-Infiltrate.png)
Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Aug 20, 2020
Phishing remains one of the most successful ways to infiltrate an organization. We’ve seen a massive amount of malware infections stemming from users opening infected attachments or clicking links that...
![](https://info.varonis.com/hubfs/Imported_Blog_Media/Graphic_AzureSkeletonKey_202004_V1_0-01.png)
Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Apr 22, 2020
EDIT: Security researcher Adam Chester had previously written about Azure AD Connect for Red Teamers, talking about hooking the authentication function. Check out his awesome write-up here. Should an attacker...
Try Varonis free.
Deploys in minutes.