@gabsmashh This is such AI written slop. After reading the original report I'm pretty sure this is a specific tenant misconfig and not something generic
If anybody is interested in Azure DevOps and how attackers might go about abusing OIDC connections used in pipelines then check out my colleague’s latest blog!
labs.reversec.com/posts/2025/07/…
Last talk shout out for @nojonesuk and @_Skybound who talked about how to build a new AWS environment. By consultants for consultants and without any extra external consultants! Worth a check out if you’re interested in some of the challenges we faced
youtu.be/rai0bTOamG0
My talk was published mega quickly as its own video by @fwdcloudsec (thanks btw!)
So feel free to check it out if you wanna learn some fun SharePoint research outcomes and learn about a “pre-signed url” equivalent method of accessing SharePoint files!
youtu.be/l5lpIF_QZCE
Check out @_sigil 's talk on Entra 1st-party service principal abuse currently airing at fwd:cloudsec youtube.com/watch?v=0BTBK3…
Deffo a good watch in the current livestream or when the individual talk video drops later on in the channel
Heya got a talk happening later today pretalx.com/fwd-cloudsec-2… where I’m gonna talk about some interesting SharePoint findings! Last one will be particularly interesting to folk 👀
Should be at this live stream youtube.com/live/Vb_MyY3RQ…
Hey @NathanMcNulty gathering some data and wanted to get your thoughts.
On the topic of exclusions, what are the best approaches for Conditional Access in Entra and exclusions for endpoints in MDE in the context of a large enterprise?
CA policies I'm a fan of Restricted AU sec…
An in-depth look at the recently published EchoLeak vulnerability on M365 Copilot by @Aim_Security_ that could lead to data exfiltration just by sending an email to a user who uses Microsoft Office365 Copilot.
youtu.be/Myf1cLsUxsk
I love how when I'm testing CA policies I can just google around a bit and find @NathanMcNulty 's detailed guides around some of the issues😂
P.S Also pro-tip for people playing with attributes remember that there is an Attribute assignment AND definition adm role
This is truly amazing. The Deputy White House Press Secretary is claiming that I'm wrong, and that the "tariff rates" on Trump's chart were calculated by "literally" measuring every country's tariffs and non-tariff trade barriers.
To prove it, he screenshots the formula the USTR…
With a process that began two and a half years ago, I'm very excited to announce that I've written a book with @nostarch! 🎉
"Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing.
nostarch.com/purple-teaming
Obligatory tactical repost of my talk from @Disobey_fi this year!
Hopefully people use this to get inspired and show us some more cool less explored attack surfaces in Entra and Azure
youtu.be/iwLaWPisu64?si…
Yo check out my friend James’ talk on protocol confusion attacks
Deffo an excellent use of 40 mins if you’re into cool lower-level attacks
youtu.be/gcsdrQH0fOQ?si…
2K Followers 672 Following: David H Hoyt LLC | Targeting the Full Stack: SS7, PSTN & IP since 1994 | Security Research & Quality Assurance | https://t.co/JHgCqazAwL | https://t.co/FhOaVq61pF | https://t.co/aKNaRjnysT
11K Followers 6K Following: AppSec Village @DEFCON & @RSAConference
A volunteer-run, non-profit focused on education, awareness, and community. Founded by @erezyalon and @tzionit411.
68K Followers 6K Following: Current: @NCITE_COE — I read a lot of court records because I like a good story. Won a Pulitzer that one time. “A well-known PACER watcher” - Justice Department
155K Followers 0 Following: The free and flexible app for your private thoughts. For help and deeper discussions, join our community: https://t.co/QsDArfFkkv
1.0M Followers 4K Following: journalist. sign up for my newsletter, Public Notice (link below). Powered by @SnapStream (more info: https://t.co/2oHPuuFBnN).
1K Followers 4K Following: Dedicated cheap skater who keeps data. I do cloudy stuff and things. Cloud Security Forum moderator and a fwd:cloudsec organizer
2K Followers 712 Following: Security researcher @SemperisTech. Microsoft Security MVP, Entra nerd. Part-time hiker, full-time dad and partner. Opinions expressed are from my cat.
219 Followers 775 Following: Disclaimer: Does not represent professional advice, opinions, or employer. CTI-League Member. Former Fortinet. Former Symantec. Former Big4. Former Transformer.
98 Followers 889 Following: Threat hunter, Incident Responder, love Technology and I love reading articles and playing with new TTPs. Always learning something new...
3K Followers 2K Following: PowerShell MVP that is passionate about helping others succeed with Active Directory, Entra ID, Defender XDR, and Microsoft 365. Always learning! ✝️👨👩👧👦☕