Clément Notin (@cnotin)'s Twitter Profile
Clément Notin

@cnotin

😈 Security research (#ActiveDirectory #EntraID) & pentest 🎉 #CTF @tipi_hack 👨‍💼 Works @TenableSecurity, opinions my own 🪂 infosec.exchange/@cnotin

ID: 247974619

Website: https://clement.notin.org/ | Joined: 06-02-2011 00:11:31

8.8K Tweets

5.5K Followers

959 Following

Cool addition! I notice that it was just announced on October 30 developer.microsoft.com/en-us/graph/ch… but it was actually available in the Graph API metadata since at least September 3, when it was added automatically to the Graph API SDK github.com/microsoftgraph… 😉

Good occasion to remind that Windows Server 2025 domain controllers can prevent this with the new GPO setting "Domain controller: Refuse setting default machine account password". See: learn.microsoft.com/en-us/windows-… Except for machines which already have such a default password...

I like the idea of the "Microsoft managed" setting since, as they say, "IT admins can trust Microsoft to enable a security feature they haven't explicitly disabled"
But... "Today, the Microsoft managed configuration for location and application name is Disabled"
learn.microsoft.com/en-us/entra/id…

You can find me on the excellent podcast If This Then Dev, where I talk about "Securing AD" ("Sécuriser l'AD") with Bruno. Go listen to it 😉 ifttd.io/episodes/secur…

🎉 We finally unveiled the new Entra ID capabilities of Tenable Identity Exposure that occupied me the past months! Find identity weaknesses and misconfigurations in your cloud IdP, beyond AD 🕵️‍♂️
- Press release: tenable.com/press-releases…
- Demo: demo.tenable.com/share/nlwcu65i…

Last year I suggested to Security Response (@msftsecresponse) to mark some Entra permissions as privileged. They disagreed. medium.com/tenable-techbl…
Thankfully, it was fixed anyway a while later 👌
- microsoft.directory/domains/allProperties/allTasks
- microsoft.directory/domains/federation/update

🎥 Here's the recording of last week's webinar where I shared how to protect Entra ID from real-world attacks 🏴‍☠️, beginning with federation backdoors/privesc, using Tenable Identity Exposure

tenable.com/webinars/3-rea…

Great talk by Martin Haller (@martinhaller_IT) on supply-chain attacks between Entra tenants 👏 The techniques aren't new, but showing a script (yeah, a real one, no AI needed) able to automatically exploit these lateral movement and backdooring techniques is scary 😨
youtube.com/watch?v=QF6HOA…

👨‍🎓 Just attended the "Adversary Tactics: Identity-Driven Offensive Tradecraft" training from SpecterOps! 🤯 It’s an intense course (that hurts!) on identity-focused attack paths, packed with knowledge and nice labs 💡 Highly recommend! specterops.io/training/ident…