Dirk-jan (@_dirkjan)'s Twitter Profile
Dirk-jan

@_dirkjan

Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.

ID: 941023122517647361

Link: http://dirkjanm.io · Date: 13-12-2017 19:12:50

2,2K Tweet

27,27K Followers

201 Following

Matt Creel (@tw1sm)

Nothing new, but formalized some operator notes on Entra ID/Azure tradecraft I've found to be exceptionally useful on ops. Overlooked this myself for quite some time and thought others in the same boat might find it worth a read! 📖 medium.com/specter-ops-po…

Dirk-jan (@_dirkjan)

Amazing that my python knock-off beat the official SharpHound somehow 😂 can't really claim credit for this, thanks to the SpecterOps folks for the awesome product and to all the contributors to bloodhound python over the years!

Dirk-jan (@_dirkjan)

Two new Entra ID training opportunities in the next few months! I will give another 4-day edition of my public training July 7-10 in The Hague, NL. I will also return to RomHack (Rome, IT) this year for a training Sept 23-27 😀 Info and ticket links: outsidersecurity.nl/training/

FalconForce Official (@falconforceteam)

We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them. falconforce.nl/dawshund-frame…

Offensive X (@theoffensivex)

Dirk-jan Mollema (Dirk-jan) is joining #OffensiveX2025! Founder of Outsider Security, a Microsoft MVP and one of the sharpest minds in AD & AzureAD security. You've seen his tools. You've read his blog. Now catch him live. 🔗 offensivex.org/register.php #CyberSecurity #RedTeam

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 (@_ethicalchaos_)

I spoke about the initial credential guard vulnerability at #SOCON2025, but I left out the part where the fix could be bypassed. Both bypasses have now been fixed which I cover in my blog post along with some juicy technical details. Enjoy.

Dirk-jan (@_dirkjan)

Just found something super useful for my research...... In my own notes from 2023 😅 how I found it back then and why I didn't do anything with it earlier remains a complete mystery.

Dr. Nestori Syynimaa (@drazuread)

Just pushed new versions for #AADInternals and AADInternals-Endpoint modules! Some bug fixes plus support for: 1️⃣ Microsoft Authentication Library (MSAL) 2️⃣ Token Protection 3️⃣ Continuous Access Evaluation (CAE)

Dirk-jan (@_dirkjan)

The rumours are true! I'll be back at TROOPERS Conference this year for a joint talk with Fabian Bader! We'll talk about signing in to all the apps, the challenges that brings and how to request 600k different tokens in 20 minutes 😅

Andrea Pierini (@decoder_it)

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️ decoder.cloud/2025/04/24/fro…

sapir federovsky (@sapirxfed)

Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service change some Device attributes 🙂 sapirxfed.com/2025/04/28/exp…

Dirk-jan (@_dirkjan)

I'll be returning to #BHUSA Black Hat this summer for a brand talk about moving laterally from AD to Entra ID. I don't think I've ever been this excited about a talk, with lots of cool stuff to share 🎢 😄.

Zero-Point Security (@zeropointsecltd)

ZPS has a new site with some pretty cool changes to pricing, labs, and exams. Read more here: zeropointsecurity.co.uk/blog/new-site-…

Dirk-jan (@_dirkjan)

This is bad for AD big time 🤯... Don't understand why they decided not to service this immediately. Awesome research!

Dirk-jan (@_dirkjan)

Looking forward to returning to x33fcon with a brand new talk on bringing your own OIDC provider and playing around with Entra external auth methods, federated credentials, and more!

Dirk-jan (@_dirkjan)

Since we now can use Entra ID connect sync with a service principal, I thought I'd look into the new security measures. On hosts without a TPM, we can dump the cert+key. On hosts with TPM (second picture) we can use the key to create an auth assertion for roadtx to req tokens.

Fabian (@testert01)

Unconstrained Delegation on a gMSA and Webclient / NTLMv1 active on servers that can retrieve the credentials of a gMSA with unconstrained delegation can lead to a complete domain compromise from domain users. nothingspecialforu.github.io/UCgMSAExploita… Micah Van Deusen, Dirk-jan, nice tools :)