There is now a new free tool to get more insight into the security of Entra ID, specifically role management. github.com/canix1/PIMSCAN #PIMSCAN #EntraID #CyberSecurity

"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: decoder.cloud/2024/04/24/hel… 😃

Never again.

Just published a short blog post on abusing the SeRelabelPrivilege ;) decoder.cloud/2024/05/30/abu…

Very happy to have made it to MSRC's 2024 Q2 leaderboard.🙂 Thanks Microsoft Security Response Center !

Spent the weekend exploring managed identities! Curious why Microsoft introduced them and how they work? This is just the start—more on IMDS, logs, and abusing these objects coming soon! 🥳 sapirxfed.com/2024/07/13/man…

For those that came to the talk on UnOAuthorized, but had issues with the blog not being available… it’s up now 😅 #Entra #EntraID #M365 #infosec #azure sl.entra.ms/unoauthorized

Bit of Silver SAML from Eric Woodruff | MVP | CIDPRO & Tomer Nahum

Silver SAMLing at #BHUSA #Arsenal by Tomer Nahum and Eric Woodruff | MVP | CIDPRO

M'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win& Linux with .NET 8.0 >... GitHub: github.com/decoder-it/Krb…

If you consume multi-tenant apps in #EntraID, and they’ve been granted consent to do things in your tenant, you can spy on the auth choices your vendor makes - secrets or certs - in the logs available in your #Entra tenant. #infosec #azure #m365 ericonidentity.com/2025/01/13/spy…

Notes from the Field: My journey in trying to change Windows password in the most complex way, purely for fun, very little profit, but definitely a fun challenge! More details here ➡️decoder.cloud/2025/02/11/cha…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

At TROOPERS Conference I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well. You can read all about it here: #Entra #M365 #infosec semperis.com/blog/noauth-ab…

Golden dMSA: One key to rule them all Just found a new flaw in Windows Server 2025's dMSAs that lets attackers brute-force ALL managed service account passwords with 1024 attempts. This research builds on the awesome research Golden gMSA (Yuval Gordon ). semperis.com/blog/golden-dm…

Heading to #BlackHatUSA? Don’t miss EntraGoat—a vulnerable Microsoft Entra ID environment built for testing real-world misconfigs and attack paths. Presented by Semperis researchers Tomer Nahum & Jonathan Elkabas #BHUSA

Going to release two new tools next week that will be showcased at Blackhat Arsenal USA 2025 and Defcon 33 Demo Labs 😃 1️⃣ EntraGoat - a deliberately vulnerable Entra ID environment - Built together with Jonathan Elkabas. 2️⃣ SAMLSmith - Built together with Eric Woodruff | MVP | CIDPRO

Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…

Happy to release SAMLSmith together with Eric Woodruff | MVP | CIDPRO - Generate forged SAML responses - Simulate Silver SAML & Golden SAML attacks - Extract usable certificate files from AD FS encrypted materials. The tool is written in C# Check it out here - github.com/Semperis/SAMLS…

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…