A bunch of apps I’ve been poking around with lately interact with Dataverse using $batch queries. Not seen much chatter about it, but really handy to subvert intended logic when the queries and writes are just … there. Any authz issues are super obvious too 👁️👁️

knew win10 had the dsquery.dll laying around but never knew what to do with it "rundll32.exe dsquery.dll OpenQueryWindow" will pop open a console for you and you can do some light LDAP recon you can also open with with win + ctrl + f probably useful for VDI/Citrix type tests

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Missed out on BSides Perth because I’m travelling. Super proud to hear that my nephew won a challenge coin for Lockpicking 💪 … even if that makes me feel super freaking old

Quite a fun exam 🤩