_____ (@h_ng_an) 's Twitter Profile
_____

@h_ng_an

ID: 2922597483

15-12-2014 09:31:23

1,1K Tweet

187 Followers

1,1K Following

TrustedSec (@trustedsec)

Just because software can live on a Domain Controller doesn’t mean it belongs there. In this blog, Scott Blake offers a practical guide to understanding the risks and asking the right questions before expanding your Tier 0 attack surface. Read now! hubs.la/Q03YCrLG0

Gladstomych (@gladstomych)

TokenFlare is now public 🔥 Serverless AiTM phishing for Entra ID - deploys in <60 seconds on Cloudflare's free tier. Dropped it at BSides London last Saturday. The room's reaction told me we cooked. blog: labs.jumpsec.com/tokenflare-ser… repo: github.com/JumpsecLabs/To… Demo 👇

DirectoryRanger (@directoryranger)

Microsoft Defender for Identity Recommended Actions (1) Resolve unsecure domain configurations thalpius.com/2023/06/09/mic… (2) Unsecure account attributes thalpius.com/2023/06/19/mic… (3) Remove dormant accounts from sensitive groups thalpius.com/2023/07/11/mic…

Panos Gkatziroulis 🦄 (@netbiosx)

📢 EDR Silencing 📖 1x Playbook - A structured breakdown of the full approach 💡 6x Procedures - Practical, reproducible techniques mapped to real-world operator workflows 🚨 1x Sigma Rule - To help defenders spot this activity 💭 Would love your thoughts ipurple.team/2026/01/12/edr…

Matt Zorich (@reprise_99)

Having responded to probably hundreds of incidents at this point, from ransomware to APT's, in my experience, the lack of knowledge on how to adequately secure Entra applications and service principals continues to be the biggest knowledge gap most defending teams have. You

Chris Thompson (@_mayyhem)

My SCCM BloodHound OpenGraph collector, ConfigManBearPig, is finally ready to share! It can enumerate all of the relay TAKEOVERs and a few CRED and ELEVATE techniques from Misconfiguration Manager with just a domain account. Let me know what you find! specterops.io/blog/2026/01/1…

n00py (@n00py1)

NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren’t fully patched depthsecurity.com/blog/using-ntl…

Nitzan P. (@nitzpo)

I don't know how I missed it, but aka.ms/AppNames is a simple and useful repo by Merill Fernando, updated daily automatically, with IDs and permissions of Microsoft built-in apps. Perfect! Microsoft Entra ID (Azure AD)

TrustedSec (@trustedsec)

Not all AD group membership is created equal. In this blog, @techBrandon explores how the primaryGroupID attribute can be abused to hide privileges as well as how teams can detect and defend against it. Read now! hubs.la/Q03_VvHz0

DirectoryRanger (@directoryranger)

ConditionalPolReviewer. PowerShell-based tool for auditing Microsoft Entra ID (Azure AD) Conditional Access policies and Multi-Factor Authentication (MFA) compliance across an organization github.com/ChiefW0mbat505…

Aurélien Chalot (@defte_)

Anyone know if Microsoft silently patched the Shadow Creds attack recently? Looks like a computer object cannot write its own attribute anymore :D

NVISO Labs (@nviso_labs)

#ConsentFix (#AuthCodeFix) is the latest variant of the fix-type phishing attacks. Dive deep into the mechanics of the attack in St0pp3r's latest blog post with #KQL detection queries and mitigations. 👇 blog.nviso.eu/2026/01/29/con…

NCV (@nickvourd)

Hello folks, excited to share my latest research, co-authored with my friend Kyprianos Vasilopoul: “The Walking Dead of Active Directory.” This research focuses on uncovering hidden attack paths in Active Directory that originate from disabled AD principals. medium.com/@nickvourd/the…

sapir federovsky (@sapirxfed)

I think this is a really good blog post that covers the entire attack from what is code flow to a ready-to-use KQL! (which I tested, works great!) They also give you the commands to simulate the attack, which is great! blog.nviso.eu/2026/01/29/con…