NEW TOOL: IceKube gives you a cool edge over attackers. This new tool from Mohit Gupta generates a graph database of a Kubernetes cluster & analyzes the relationships to identify potential attack paths. Get it now on GitHub>> labs.withsecure.com/tools/icekube-… #CyberSecurity #cyberattacks

Amazing first day at #Rejekts2025 !

This is great to see AWS centralizing info about their end of life products in one place! Hopefully I'll eventually be able to retire github.com/SummitRoute/aw… aws.amazon.com/blogs/aws/intr…

This is bad for AD big time 🤯... Don't understand why they decided not to service this immediately. Awesome research!

Since several people already asked: the slides from Fabian Bader and myself for TROOPERS Conference are available! "Finding Entra ID CA bypasses-the structured way". We talked about FOCI, BroCI, CA bypasses, scopes and getting tons of tokens. Check it at dirkjanm.io/talks/

Detect anomalous external OAuthApp activity using 🆕ActorInfoString 🔥 techcommunity.microsoft.com/blog/microsoft… KQL Code: detections.ai/rules/8ba39853…

Initial Access Attack in Azure - Understanding and Executing the Illicit Consent Grant Attack in 2025 alteredsecurity.com/post/initial-a…

I have a new post out on the NetSPI blog today. This one is on extracting sensitive information from the Azure Load Testing service. netspi.com/blog/technical…

🎣 𝐊𝐢𝐧𝐠𝐟𝐢𝐬𝐡𝐞𝐫 - a new, blazing fast secret detection tool (Rust) Validates if secrets are active. >700 secret detection rules. Kingfisher uses: * Hyperscan for regex matching * tree-sitter for parsing source code across 20+ programming languages H/T Mick G. for

👿 𝐇𝐢𝐣𝐚𝐜𝐤𝐢𝐧𝐠 𝐀𝐦𝐚𝐳𝐨𝐧 𝐄𝐯𝐞𝐧𝐭𝐁𝐫𝐢𝐝𝐠𝐞 𝐟𝐨𝐫 𝐥𝐚𝐮𝐧𝐜𝐡𝐢𝐧𝐠 𝐂𝐫𝐨𝐬𝐬-𝐀𝐜𝐜𝐨𝐮𝐧𝐭 𝐚𝐭𝐭𝐚𝐜𝐤𝐬 Square's Ramesh Ramani describes six attack patterns leveraging EventBridge's cross-account capabilities for infiltration and exfiltration. AWS

SlimKQL Community Group Hi all, I have migrated all my 338 KQLs from the GitHub Repo to Detections.ai SlimKQL Community Group. If you would like to get updates on my latest KQL detections, please do "FOLLOW" this community group. Thank you! Steven 😄

🚀 Super excited to see Azure Kubernetes Service (AKS) working with Robusta & HolmesGPT! AI-powered observability + automation for your clusters 🤖 Sign up now to try it out: azure.microsoft.com/en-gb/updates?… #Azure #AKS #Robusta #HolmesGPT

Thousands of MCP servers are already live, but most security teams don’t have a clear strategy yet. Get this guide and learn: - Key risks with local and remote MCP servers - Real-world threats like prompt injection and supply chain compromise - Steps for safely using MCP tools

If you didn't find my Black Hat / Def Con slides yet, they are available on dirkjanm.io/talks . Also includes the demo videos where I use actor tokens from on-prem to access SharePoint online and get Global Admin.

ACTIVE DIRECTORY: RESET THE DSRM PASSWORD Got the DSRM password for each DC documented somewhere? It's surprising how many folks we've encountered that are in a pickle and have no clue what the DSRM password is! In an elevated CMD for a local DC: ntdsutil set dsrm password

Convert existing #Azure resources to #Terraform within one minute using the new #Microsoft #Terraform #VSCode Extension. Check it out here: marketplace.visualstudio.com/items?itemName…

🚀 Just spotted the latest post from the AKS team: “Announcing the CLI Agent for AKS: Agentic AI‑powered operations and diagnostics at your fingertips” A game-changer for troubleshooting AKS clusters using the power of agentic AI. Built with HolmesGPT and AKS‑MCP, this CLI

🔥Anonymous Blob Access Detection This KQL query identifies potentially exposed Azure Blob Storage containers that have been accessed anonymously from known or suspected malicious IP addresses. It helps detect unauthorized access attempts that may indicate data leakage or

Token Protection in Microsoft Entra Conditional Access for Windows is now GA! 🎉 #EntraID #Token learn.microsoft.com/en-us/entra/id…

Why I’m Moving from Kubernetes Ingress to Gateway API Read more: blog.devops.dev/why-im-moving-…