Thanks to Dirk-jan and all co-students in Dirk-jan's offensive Entra ID & hybrid AD course. It's highly recommended and definitely increased my interest in Entra/Azure!
Next is the last day of Insomni'hack and some extra days in beautiful Switzerland!

That’s a wrap.
Really worth it and absolutely recommended if you want to get your hands dirty with everything token related when it comes to the MS cloud.
Thanks for being a cool teacher and just a friendly dude Dirk-jan

Current status: having to explain why I would need more than the unannounced, undocumented, new limit of 5 automation accounts per subscription... Why all my runbooks fail is still a mystery. Frustrating to say the least.

'Hello: I'm your Domain Administrator and I want to authenticate against you'. My #SilverPotato is out, check the blog post: decoder.cloud/2024/04/24/hel… 😃

The agenda for this years x33fcon looks 🔥. It's a great conference so if you can, grab one of the last available tickets :)

I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March.

If you are interested in getting credentials from LSASS without accessing its memory, check it out!
medium.com/specter-ops-po…

Hey Azure Support, why am I suddenly running into undocumented limits of 5 automation accounts per subscription and do all the runbook jobs I submit return rate limit errors? I've previously been using the same deployment over a year without issues...

the CallForPaper for #AREA41 conference is open!
Submit your best technical research to be a part of this conference🤓
⏳You got till April-24⌛️
#dc4131

area41.stfn.ch/2024/

Can a DHCP administrator become a domain administrator? Well, as it turns out, sometimes it sure can. 🥴

In our latest blog post, see how Akamai researchers discovered a new PrivEsc technique affecting Active Directory.

Full write-up:
akamai.com/blog/security-…

🎓🎓 #RomHack2024 #Training 🎓🎓

Early Bird –> 10% discount
We rely on our community to make #RomHack2024 bigger and better!

Register Now: romhack.io/training/

#CyberSecurityExperts #LearnFromTheBest #CyberSecurityTraining

New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdP's and what techniques are effective beyond Okta. blog.xpnsec.com/identity-provi…

I've always recommend the free Microsoft 365 developer subscription as a great way to learn. Having it locked behind a 600 EUR to 3k EUR minimum cost is going to hurt Identity Security learning capabilities for everyone. Very sad to see it like this.
devblogs.microsoft.com/microsoft365de…

I'm so excited today to announce that I'm launching my own online training platform Calypso Heavy Industries (CHI) 🎊

The first course to appear on Labs is 'Windows Instrumentation with Frida', check it out:
labs.calypso.pub/windows-instru…

Labs is partnering with Vector 35, when you sign up you get a…

🚨📢 Insomni'hack 2024

We have some important news for you...

💻🛡️The program of conferences has been released : ow.ly/usaY50QPZHR

👉Details and registration: ow.ly/26nq50QPZHS

We look forward to seeing you very soon.

#INSO24 #CTF #cybersecurity #event

📢 Thrilled to be teaching with Thomas Roccia 🤘 at Black Hat #BHUSA 🌟

🚀 Boost your career by learning how to apply Python & Generative #AI to #CTI . From the basics to building your own LLM-based Agents 🤖 #AI Security

✅ Secure your spot blackhat.com/us-24/training…
👉 More info…

My new blog has arrived. A lot of what is in here mimics APT29 (Midnight Blizzard) Tradecraft. Some good nuggets also on using Evilginx development mode for phishlet development if you don’t want to expose a VPS. Enforcing cloud native in Entra ID? I got you covered with a…

Ru Campbell Kenneth van Surksum - MVP rootsecdev Dirk-jan Deployment timelines for getting this to public preview went a little faster than expected - working on getting the docs changes merged ASAP. Should be available by end of the day😅

Hello: I'm your ADCS server and I want to authenticate against you. My latest Post and PoC are out. You can read it here: decoder.cloud/2024/02/26/hel… Enjoy :)