ChrisPy (@chrispy_sec) 's Twitter Profile
ChrisPy

@chrispy_sec

Principal Security consultant @WithSecure Love doing some Azure/Entra ID research ☁️

Opinions are my own

ID: 1179495548736421888

02-10-2019 20:37:14

222 Tweet

273 Followers

295 Following

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Massive thanks to Dr. Nestori Syynimaa for being able to get one of these cool badges! Coming in early-ish clearly was the right call 😂 Will be playing around with it alongside my bro to get it working (or break it more)

Alfie Champion (@ajpc500) 's Twitter Profile Photo

With a process that began two and a half years ago, I'm very excited to announce that I've written a book with No Starch Press! 🎉 "Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing. nostarch.com/purple-teaming

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Yo check out my friend James’ talk on protocol confusion attacks Deffo an excellent use of 40 mins if you’re into cool lower-level attacks youtu.be/gcsdrQH0fOQ?si…

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Obligatory tactical repost of my talk from Disobey this year! Hopefully people use this to get inspired and show us some more cool less explored attack surfaces in Entra and Azure youtu.be/iwLaWPisu64?si…

James Surowiecki (@jamessurowiecki) 's Twitter Profile Photo

This is truly amazing. The Deputy White House Press Secretary is claiming that I'm wrong, and that the "tariff rates" on Trump's chart were calculated by "literally" measuring every country's tariffs and non-tariff trade barriers. To prove it, he screenshots the formula the USTR

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

I love how when I'm testing CA policies I can just google around a bit and find Nathan McNulty's detailed guides around some of the issues 😂 P.S Also pro-tip for people playing with attributes remember that there is an Attribute assignment AND definition adm role

Donato Capitella (@dcapitella) 's Twitter Profile Photo

An in-depth look at the recently published EchoLeak vulnerability on M365 Copilot by Aim Security that could lead to data exfiltration just by sending an email to a user who uses Microsoft Office365 Copilot. youtu.be/Myf1cLsUxsk

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Hey Nathan McNulty gathering some data and wanted to get your thoughts. On the topic of exclusions, what are the best approaches for Conditional Access in Entra and exclusions for endpoints in MDE in the context of a large enterprise? CA policies I'm a fan of Restricted AU sec

Offensive X (@theoffensivex) 's Twitter Profile Photo

This incredible duo of Leonidas Tsaousis (@laripping) & James Henderson are taking the stage at Offensive X to talk about ‘’ There and Back Again: An Attacker's Tale of DCs in AWS’’ #OffensiveX2025 #CyberSecurity #AWS #RedTeam #CloudSecurity #InfoSec #Hacking

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Heya got a talk happening later today pretalx.com/fwd-cloudsec-2… where I’m gonna talk about some interesting SharePoint findings! Last one will be particularly interesting to folk 👀 Should be at this live stream youtube.com/live/Vb_MyY3RQ…

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Check out Katie Knowles's talk on Entra 1st-party service principal abuse currently airing at fwd:cloudsec youtube.com/watch?v=0BTBK3… Deffo a good watch in the current livestream or when the individual talk video drops later on in the channel

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

My talk was published mega quickly as its own video by fwd:cloudsec (thanks btw!) So feel free to check it out if you wanna learn some fun SharePoint research outcomes and learn about a “pre-signed url” equivalent method of accessing SharePoint files! youtu.be/l5lpIF_QZCE

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

Last talk shout out for Nick Jones and Mohit Gupta who talked about how to build a new AWS environment. By consultants for consultants and without any extra external consultants! Worth a check out if you’re interested in some of the challenges we faced youtu.be/rai0bTOamG0

ChrisPy (@chrispy_sec) 's Twitter Profile Photo

If anybody is interested in Azure DevOps and how attackers might go about abusing OIDC connections used in pipelines then check out my colleague’s latest blog! labs.reversec.com/posts/2025/07/…