Your Web Application Firewall (WAF) sees EVERYTHING 👁️ In our new blog, nyxgeek demonstrates how an attacker with access to #Azure Front Door’s WAF and Log Analytics can potentially skim credentials from a site behind the WAF. Read it now! trustedsec.com/blog/skimming-…

Hey peeps! A new blog post in "AD CS Partitioned CRLs - A Comprehensive Guide" series is arrived: 👉 Part 2 - Design Strategies 🔗 sysadmins.lv/blog-en/ad-cs-… More stuff on the way! #PKI #ADCS

Second story from a recent coffee break with my pentest colleague. During a retest for a client, they discovered the same ESC1 vulnerability they had reported before. Why is that dangerous and also super critical? "Active Directory Certificate Services (AD CS) is the backbone of

What is Maester? [1] Maester is a PowerShell-based test automation framework that helps you stay in control of your Microsoft security configuration. Such an awesome tool - test details can be filtered by passed, failed, and skipped. Failed tests come with detailed

Dirk-jan found one of the most severe vulnerabilities ever discovered in Microsoft Entra ID. One that could have compromised every tenant in the cloud. In this episode, we unpack the story, the stress, and the mindset behind responsible disclosure. 🔥 We dive deep into his

If you haven't seen it, go check out the SecOps guide for Entra. It covers the operationalization of security across users, devices, applications and more. If securing Entra is part of your job description, this should be bookmarked. learn.microsoft.com/en-us/entra/ar…

One compromised Microsoft Entra account - full tenant takeover. And you’re left with what Microsoft gives you as logs. That’s your entire investigation surface. It used to be different. Attackers had to break into a DMZ service, move laterally into the internal network, or pull

ps - I created an AD Security resource kit for IT admins. If you want to know where to start & what issues to look for, then this is for you. You can get access to it by signing up for my free email newsletter. If you're already a subscriber, DM me for the link! 👇 Access it

‼️CrowdStrike confirmed they were hit by an insider threat, someone took screenshots on internal systems and shared them with scattered LAPSUS$ hunters. scattered LAPSUS$ hunters confirmed to us they paid $30K in total to the insider and gained direct access after receiving SSO

spencer, Nathan McNulty github.com/AlchemicalChef… As promised I'd let you know when v1 was out. It's "functional" but there's a lot of things I want to do with it. (I welcome suggestions/input) Going to turn my attention to the audit platform and UI next.

Preparation is your best defense. 🛡️ Our new guide with Mandiant (part of Google Cloud) distills 20+ years of frontline insight into clear IR basics: how to plan, test, classify incidents, and communicate. Read it here:bit.ly/43LGYnY

I wanted to follow-up and let The Haag™ Nasreddine Bencherchali Kostas Hare Sudhan Jose Enrique Hernandez know that the Sysmon config for the LOLRMM framework is "effectively" complete for the primary areas of focus. I have intentions to add more filtering to it but it is. dodgethissecurity.com/2025/11/30/sys…

ICYMI: Managing Privileged Roles in Microsoft Entra ID: A Pragmatic Approach This article breaks down the most important Entra ID roles, including what should be considered Tier 0, Tier 1, etc. trustedsec.com/blog/managing-…

Check out our own Microsoft Certified Master Sean Metcalf as he sits down with the Petri IT Knowledgebase podcast, Petri Dish. They reveal top security risks, quick wins, and the real impact of AI on Identity Management. Watch the full episode now! hubs.la/Q03WVvcP0

We’re seeing up to 14.5 million attempts per hour to exploit the #React2Shell vulnerability across Cloudflare’s network. This is a very bad exploit. While our WAF is helping protect customers, it’s critical to update your React and Next.js instances as soon as possible.

Phishing kits like EvilGinx default to "Office Home" And now that Portal.office.com changed to Copilot Chat, attackers have easy access to discover sensitive information. Try this "AI threat hunt" to see what an attacker would find if your account was taken over.

Active Directory Hardening Series Part 1 Disabling NTLMv1 techcommunity.microsoft.com/blog/coreinfra… Part 2 Removing SMBv1 techcommunity.microsoft.com/blog/coreinfra… Part 3 Enforcing LDAP Signing techcommunity.microsoft.com/blog/coreinfra… Part 4 Enforcing AES for Kerberos techcommunity.microsoft.com/blog/coreinfra…

Active Directory Hardening Series (II) Part 5 Enforcing LDAP Channel Binding techcommunity.microsoft.com/blog/coreinfra… Part 6 Enforcing SMB Signing techcommunity.microsoft.com/blog/coreinfra… Part 7 Implementing Least Privilege techcommunity.microsoft.com/blog/coreinfra…

In this 2-part tutorial, you will learn how to deploy a Kubernetes GitOps platform using ArgoCD with MetalLB for IPs, Traefik for ingress, Rook-Ceph for storage, and Vault for secrets ➤ ku.bz/1Vp7qNFlX

We got you a gift 🎁 #Sysmon will now be a native capability in Windows 11, so Darkoperator | 🇺🇦 updated our Sysmon Community Guide! He walks through the latest update, sharing lessons learned from real-world IR engagements. Download our new PDF guide here 👉trustedsec.com/resources/tool…