Skip to content

Common Questions During a Tenant-to-Tenant Migration

Tenant-to-tenant migrations are fast becoming the most common type of migration performed due to mergers and acquisitions. CloudM’s Technical Architects, Scott Chuhran and Lloyd Deverick answer some common questions that are asked during a tenant-to-tenant migration.If you would prefer to listen to listen to this blog, please click the audio link below. 1. Can you describe the difference between an On-Premise install and a SaaS solution? With on-premise, the customer owns everything including the network and hardware. This is a quick and easy install. With our SaaS solutions, this is stored in a dedicated VM in Azure cloud and is owned by CloudM. 2. How does CloudM Migrate handle data security between the source and destination? Data is encrypted from the source to the destination, at rest from the source to our server, again across the server, and once more at rest to the destination. 3. What are the endpoint sources we can use for M365 as a destination? Endpoint sources include Google, Microsoft 365, and on-prem exchange. Also included are legacy endpoints such as Lotus Notes, Zimbra, and also IMAP. 4. Can I migrate Google Vault to M365? Our tool allows Google Vault migrations. Enter the query inside the tool and we will pull directly what we get outside of Google and paste it directly into the tenant as we get it from Google. 5. When merging 2 domains into one, how do we handle changing aliases? This is done by uploading a config file with 2 columns in the csv. Every time it reads the word on the source, it will automatically convert to the destination. This works for permissions and email. 6. Can I migrate Google Forms to M365? Yes, the form is taken out of Google and we capture answers, questions, and permissions. This is made into a cell spreadsheet and put into the Microsoft Tenant with all the data. 7. Can you explain the shrinking mailbox feature? Simply, we can select a maximum item size and anything that is over this will be stripped out of the email and added to OneDrive. A link will be provided to the user with the item’s OneDrive destination. 8. How is Microsoft Teams content from M365 migrated during a tenant-to-tenant migration? There are two elements to this as it differs depending on channels and chats. Channels are migrated like for like. One-to-one chats that are older than 7 days will go into Outlook and will be searchable. One-to-one chats that are newer than 7 days will go directly into Teams with a link to guide them to reference Outlook for older chats.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

New Reboot & Message Box Popups

Got tired of the Reboot notification window from Windows 98? Need to let your users know something? Alert the logged in user about anything? Use our new Topia executables for better user experience! Available from version 4.1.5 and above. For more information regarding the custom message, please refer to https://customer-portal.vicarius.io/how-to-create-a-custom-popup-notification

#topia_updates

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

JWT Arbitrary Command Execution - CVE-2022–23529

Introduction

Arbitrary command execution has been found in JsonWebToken version 8.5.1 and lower, and registered as CVE-2022–23529

Library details

  • Description:

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

The vulnerability

When a user access some page, the token will be passed to verify the method in the back-end. so what happens is that verify method takes three parameters token, secretOrPublickKey, [options, callback].

you can pass a payload to the second parameter and that payload will be executed.

The End Game

Based on what unit42 discovered and also based on my analysis it’s not easy or obvious how to achieve full RCE.

I want to show the analysis I did here, my final thoughts explaining why I don’t think RCE or I don’t see real exploitation behind it.

Maybe I’m wrong, or Maybe I’m right 😀 Who knows!

Prerequisites

  • Download nodejs
sudo apt install nodejs
  • Download npm
sudo apt install npm
  • Download jsonwebtoken version 8.5.1 or earlier.
npm i jsonwebtoken@8.5.1
  • Understanding of how jsonwebtoken works?

I won’t go into detail here, but I will explain the basics of the structure of JWT and how it works.

I will provide references so you can dive in depth with it if you like.

Basically, JWT token consists of three parts

  • Header: Algorithm & Token Type
  • Payload: Data
  • Verify Signature

Example:

When the user login in, the request with username and password go to Auth server, and the Auth server will verify and check the username and password based on that it will generate JWT Token for this user.

Now each time the user visits any page or route, the JWT token will be associated with the request headers.

https://dev.to/kcdchennai/how-jwt-json-web-token-authentication-works-21e7

https://jwt.io/introduction

Dynamic Analysis

I started with reproducing what unit42 already explained.

I’m using ubuntu, so you can start nodejs by typing the command

nodejs

Import jsonwebtoken.

jwt = require('jsonwebtoken');

Generate token

token = jwt.sign({"x":"y"}, 'some_secret');

This is the payload they used

var mal_obj = { toString : ()=> {console.log('PWNED!!!');process.on('exit', ()=> {require('fs').writeFileSync('malicious.txt', 'PWNED!!!!');});process.exit(0)}}

Now, pass the token and payload variable to verify

jwt.verify(token, mal_obj)

You will see PWNED!!! printed on the console.

Also, a file called malicious.txt has been created

Also “PWNED!!!!” has been written inside the file

This happened because this is what the payload we executed does.

I also wanted to see if I can execute commands, so I used this payload

var mal_obj = { toString : ()=> {process.on('exit', ()=> {require('child_process').exec('firefox');});process.exit(0)}};

and I got firefox launched.

 

Static Analysis

Let’s do some code review and see what went wrong

Download the source code of JWT 8.5.1 from here:

https://github.com/auth0/node-jsonwebtoken/releases/tag/v8.5.1

Open verify.js

here is where the vulnerable snippet of the code based on unit42 report.

After I tried to craft/edit/manipulate the JWT token, it didn’t really work.

in fact, it makes sense why it didn’t work because the payload supposes to go into the second parameter in the verify method where it’s marked in red, but the token is the first parameter, it’s marked in blue.

Final thoughts

To be honest, I’m not sure how this can be exploited remotely or even if you have access to the backend. However, based on what’s mentioned in “Exploitation Prerequisites” section in unit42 report it looks like there is no obvious scenario to exploit this.

Also based on the comments in the GitHub commit here it looks like a lot of people agree on that as well.

Some ideas for more in-depth research I was thinking about:

  • Maybe finding some misconfiguration scenario for JWT would help with exploiting this vulnerability.
  • I was thinking, about how those parameters get stored? for example in smart contracts variables are in memories like in slides. so you can overwrite the second variable in our case the secretOrPublicKey variable.

#jwt #cve #analysis #CVE-2022-23529

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Creating a culture of transparency

I once managed a product line when I didn’t even have access to revenue figures. Looking back now, that seems unthinkable. How was I supposed to manage a business when I didn’t even know how it was doing? I’m going to bet many others have a story like that too: where a culture of secrecy kept them from effectively doing their job.

In contrast, at runZero, we work at creating a culture of transparency: an environment where information flows between different levels of the organization and employees feel comfortable asking questions and sharing feedback.

When the executive team openly communicates with their employees, it builds trust and respect. In turn, employees are more likely to be productive and act in the best interest of the company. At tech companies, employees especially need access to accurate, up-to-date information to do their jobs well.

Ultimately, a culture of transparency leads to success because everyone is on the same page and working towards the same goals. Let’s dive into the specific values we’ve developed to promote and nurture transparency within our company.

Decentralize decision-making

Cultural value: “We provide transparency about decisions and the state of the business so everyone can make the right decisions autonomously.”

At runZero, transparency is a fundamental part of the way we do business. We focus on openness, so everyone knows the expectations, trusts each other, and feels confident in their role.

This level of transparency plays out in a variety of ways. At our monthly virtual town halls, for example, we are open about our standing as a company, where we are going, and what’s coming next. Our town halls deliver detailed information on financials, business performance, and even our cash position. We intend to be as honest if our cash position ever changes for the worse (though it hasn’t happened yet at the moment). By building trust and being transparent, everyone at runZero will feel like they are part of our successes and solutions.

When it comes to strategic planning, leaders provide context on the business to the team ahead of time, even if final decisions aren’t made yet. Leadership needs to be vulnerable in order to do this. They need to be able to admit that they don’t have all the answers yet, but are willing to share where they are in the process. This approach fosters collaboration and invites feedback. These are key elements to solving complex problems. We also take this approach in our one-on-one meetings.

We don’t pretend to have all the answers and understand that our employees may feel some degree of ambiguity in the face of such openness. This mindset allows for a free exchange of ideas between leadership and staff and promotes an environment where key players can work together to come to a consensus. The openness and directness of our leadership encourages employees to participate in the brainstorming process, ensuring that we make decisions based on collective wisdom instead of individual opinion.

When employees are confident in the knowledge they have, they can make the informed decisions independently, instead of expending time and resources asking for approvals internally. Transparency is essential for creating an environment where autonomous decision-making is not only accepted but encouraged.

The line between confidentiality and transparency

While transparency helps keep everyone in the loop, there are certain aspects of any business that must remain confidential, such as employee data and other human resources type information. In these cases, full transparency is not always the best solution.

In fact, during times of rebranding or restructuring, it’s better to wait until the new direction is clear before sharing any information widely, so it doesn’t create confusion. Information shared in confidence, for example about performance or health issues, should also not be shared widely.

However, our internal communication will always strive to be as honest and transparent as reasonably possible. We trust our employees to handle sensitive matters with utmost discretion and integrity.

Foster transparency through sharing

Cultural value: “We reward people who share information rather than hoard it.”

Information hoarding and siloed decision-making leads to inefficient processes and mistrust inside an organization.

Employees often hoard information to protect themselves from negative perceptions or to make themselves more valuable in the organization. However, when employees feel secure and comfortable in their environment, information hoarding becomes unnecessary.

That’s why we model and reward information sharing and transparency. For example, runZero’s Google Drive is fairly open—almost any employee has access to the files, except for those pertaining to sensitive information like human resources or finance. Generally speaking, however, employees can dig around for all kinds of data: company stats, dashboards, Hubspot data, and more. If employees can investigate, they can find solutions. In turn, we give them recognition for finding those solutions.

By providing tools like these and encouraging employees to use them openly and confidently, we avoid the issue of information hoarding altogether.

Help candidates grow through transparency

Cultural value: “If we turn a candidate down and we have helpful feedback, we offer to provide it.”

Sharing feedback with a candidate during the hiring process can be one of the most challenging tasks for any leader. Not only do we have to choose our words carefully, so that the message is constructive, but we also have to pick information that is truly valuable for the candidate’s growth. We also give the candidate the option to decline feedback, as we know sometimes that it can be a hard pill to swallow, depending on their circumstances.

The most difficult type of feedback is about someone’s potential. Oftentimes, this feedback may not consist of more than general comments about their capabilities or capacity for growth. It can be hard to deliver this type of feedback without it being demoralizing. So, we try to encourage candidates, while giving clear guidance on what specific improvements to help them understand what we are looking for at runZero. You never know what could happen: a few years down the line, the candidate could improve with feedback, timing shifts, and they end up being just the right fit for runZero.

We want the best fit for everyone involved. Anyone interviewing a candidate for runZero will be open and transparent, and we look for that to be reciprocated. We really listen for people with a growth mindset and who value transparency as much as we do.

Be honest with customers

Cultural value: We only take deals that are mutually beneficial partnerships. We take an honest, consultative approach to selling. We don’t pressure customers into sales if runZero is the wrong solution.

At runZero, we pride ourselves on our commitment to fair and transparent pricing. We are honest with our customers about what our product can do and if their requests exceed its capabilities, it’s best that everyone knows sooner rather than later. It saves everyone time in the long run. The sales team can disqualify the deal earlier and spend more time on deals with a higher likelihood to close. Disqualifying a deal builds trust and helps the customer understand the problems we can solve for them – and some return later when they are looking for a solution to those problems. The company experiences a higher renewal rate because customers weren’t oversold.

This approach benefits both parties in different ways: by being upfront about what our product can do, buyers benefit from a service that actually gives them what they need, while sellers don’t waste time trying to convince someone of a product that ultimately won’t work for them.

By committing to this type of customer service, we hope to help create an environment where buyers and sellers form trusting relationships.

The foundations of a great team and company

Open and honest dialogue is the cornerstone of any healthy team. Carrying out transparency in everything we do creates deeper connections between employees, leaders, and customers. We understand that fostering a supportive environment means that everyone should have access to information needed to be successful in their roles.

Creating a culture of transparency guides us at runZero every day. So if you’re looking for a role where transparency is in our DNA, we’d love for you to join us.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Pandora FMS: What do you know about sending additional information in email alerts?

When monitoring the software components of a server, sometimes you may need to find out some additional information about the performance of the metrics you monitor.

Sending additional information in email alerts

This is all about putting data into context, because 25 is not the same if it is 25% of a CPU, or 25% of a CPU with other three more CPUs, all of them at 100%, or 25% of a CPU of a computer about to be blocked by excess of I/O transactions that has been overloaded for hours, which has risen the system’s temperature to the maximum.

Isn’t it true that “25” can mean many things? Let’s dig a little deeper into it

Continuing with the previous case, suppose that you wish to measure the CPU usage in one of the servers you manage, and where you defined thresholds that force notifications by email to computer managers. 

This threshold (CRIT for CPU > 80) would be reflected in the module configuration as follows:

Configuración del módulo

The alert is defined using the template “Critical condition” and I use the action of sending custom email to send to a specific mailbox.

Critical condition

Okay, so far it’s kind of basic. 

But you may like to be able to send some additional information about the problem, something to collect only when needed, real-time information that is useful for you to find a solution automatically.

But…. Can Pandora FMS do this?

Well, you may include information from other modules in the email using alert macros that reference other modules. 

You may check the full list of macros in our documentation, but we will give you a quick summary of some interesting ones:

moduledata_X_: It will show the data of the  “X” module of the same agent as that of the module that triggers the alert. 

That way, if you have a module called LoadAVG, calling the macro _moduledata_LoadAVG_ you may dump the value of the system load. 

Likewise, to show a graph of the last 24 hours of that module, you should use the macro _modulegraph_LoadAVG_24_ 

*This last thing about the graph is still experimental, until version 772 it will not be available to everyone.

Showing procedures

Perhaps you would like to include textual information about what to do in case your module is set into CRITICAL, as some kind of instructions or procedure. To that end the macro _alert_critical_instructions_ will return the text that you configured in said module for this case.

Showing previous data

You may also be interested in showing the previous data on this monitor before the alert was triggered; to that end you may use the macro  _prevdata_

Showing agent informational custom fields

Imagine that you have a field in the agent that collects data, which tells you the name of the system administrator and their phone number, as custom agent fields with ID 7 and ID 9. 

To that end we would use the macro_agentcustomfield_n_ as macro_agentcustomfield_7_ and macro_agentcustomfield_9_ and thus be able to add to the email the name and phone of the person in charge of the system.

A full example, using macros in an email

Let’s now see an example!

If you wanted to send a somewhat more complete email, edit the email action you are using to add new macros:

Macros nuevas

Using dynamic information

What if you want to go further

What if you want to execute a command every time something happens and collect the value to send it in the email? 

That way, you do not need to have a constant additional metric when monitoring so as not to fill the database with information that is only useful in critical situations.

In order to submit additional information, it will be necessary to create a previous module in your software agent so that it collects the information only when necessary. 

With that purpose in mind, enter the following structure within your module:

module_begin 

module_name MODULE_NAME

module_type async_string 

module_precondition > X COMMAND_TO_RUN_AS_CONDITION

module_exec FINAL_COMMAND_TO_BE_EXECUTED

module_end

  • The module will have to be asynchronous and with the type of data that you will collect. 

This is due to the need for this module not to go into an unknown state, thus giving a false perception of failure, when it does not meet the module’s precondition.

  • A condition expression will have to be incorporated so that you may run the module normally. 

For that purpose, run a previous command from which to obtain the numerical information to obtain the data. Following the example of the CPU described above (which is higher than 80%) it would be something like:

  • module_precondition > 80 uptime | awk -F “,” ‘{print $3}’ | awk ‘{print $3}’ | tr d “\n”
  • Finally, use the command to obtain such additional information in order to attach it to your email.

In the previous case, it would be convenient to know the processes that are using more CPU (top 5 processes), so you may enter the following case:

  • module_exec top -n1 | head -12

So in the previous example there would be a module as follows:

module_begin 

module_name TOP5_CPU_Proc_Usage

module_type async_string 

module_precondition > 80 uptime | awk -F “,” ‘{print $3}’ | awk ‘{print $3}’ | tr d “\n”

module_exec top -n1 | head -12

module_end

Once you create the module that will only be executed when necessary, enter this information in your email.

 For that purpose use the following macro within the email:

_moduledata_TOP5_CPU_Proc_Usage_ 
This is only a way of using it to send the additional information, you may use it for other cases such as for example if the disk usage of a server is reaching the limit, you may show the five heaviest files saved on the server using the command  “du -Sah/ | sort -rh | head -5”

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×