Microsoft updates mitigation guidance for Windows BitLocker security feature bypass vulnerability with a NEW script!
The updated guidance replaces previously documented manual mitigation steps with a script that helps reduce exposure while a future security update is developed to address this vulnerability.
The Windows versions below are affected:
- Windows 11 26H1
- Windows 11 25H2
- Windows 11 24H2
- Windows Server 2025
Windows devices that use BitLocker may be exposed to this vulnerability if mitigations are not applied.
Organizational environments that previously implemented the documented manual mitigation steps do not need to take additional action, as the script only simplifies deployment of the existing mitigation.
Learn more: https://t.co/jbLXPHfnhu
#Microsoft #Windows #Bitlocker #Cybersecurity
@IntuneSuppTeam Self healing. After 12h all complained packages do show Uninstall as it was before the issue. Call it a hiccup but someone has to close all these tickets now.. ! 🤬
Since today available packages do not show an uninstall button anymore after install from CP, re-install only. Same package different client, installed yesterday does offer uninstall. Toggled "Allow available uninstall" did not help. Seen this anywhere else? 🧐 @IntuneSuppTeam
Yes. Attackers can create hidden admin accounts on Windows that fly completely under the radar.
The most common method is registry manipulation. By modifying a specific key under HKLM\SAM, they can create an account that doesn’t appear on the login screen or in normal user management tools. It shows up nowhere a regular user would look.
Another approach is cloning an existing account. Attackers copy the RID of a legitimate admin account onto a low-privilege or guest account. On the surface it looks harmless. Under the hood it has full admin rights.
Net user commands can also create accounts that blend in with system defaults, especially if named something generic like $ appended accounts, which Windows hides from standard directory listings by design.
How to actually catch it:
Run net user and wmic useraccount list full and compare results. Discrepancies are a red flag. Check the SAM registry directly or use tools like Autoruns and GMER. Review Event ID 4720 (account created) and 4728/4732 (group membership changes) in the Security event log.
Most people never check. That’s exactly why it works.
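The listing comparison suggested in the post above, as an added example that is not part of the original post: it parses saved output of `net user` and `wmic useraccount list full` and reports accounts that appear in only one of the two. The sample outputs, the host name WS01, the SIDs and the account names are constructed for illustration.

```python
import re

# Constructed sample of `net user` output; names sit in 25-character columns.
_ROWS = [("Administrator", "DefaultAccount", "Guest"), ("alice", "WDAGUtilityAccount")]
NET_USER = ("\nUser accounts for \\\\WS01\n\n" + "-" * 79 + "\n"
            + "".join("".join(n.ljust(25) for n in row).rstrip() + "\n" for row in _ROWS)
            + "The command completed successfully.\n")

# Constructed sample of `wmic useraccount list full` output (three fields per record).
_ACCOUNTS = [("Administrator", 500), ("Guest", 501), ("DefaultAccount", 503),
             ("WDAGUtilityAccount", 504), ("alice", 1001), ("support$", 1002)]
WMIC = "\n\n".join(f"Disabled=FALSE\nName={n}\nSID=S-1-5-21-1-2-3-{rid}"
                   for n, rid in _ACCOUNTS)


def parse_net_user(text):
    """Names from the table between the dashed rule and the status line."""
    names, in_table = [], False
    for line in text.replace("\r", "").splitlines():
        if line.startswith("-----"):
            in_table = True
        elif line.startswith("The command completed"):
            break
        elif in_table:
            # Slice fixed-width columns so names containing spaces survive.
            names += [c.strip() for c in re.findall(r".{1,25}", line) if c.strip()]
    return names


def parse_wmic(text):
    """One dict per blank-line-separated Key=Value record (input already decoded)."""
    blocks = re.split(r"\n\s*\n", text.replace("\r", "").strip())
    records = [dict(l.split("=", 1) for l in b.splitlines() if "=" in l) for b in blocks]
    return [r for r in records if r.get("Name")]


def compare_listings(net_user_text, wmic_text):
    """Return accounts that appear in only one of the two listings."""
    shown = {n.casefold() for n in parse_net_user(net_user_text)}
    records = parse_wmic(wmic_text)
    listed = {r["Name"].casefold() for r in records}
    only_wmic = [(r["Name"], r.get("SID", "")) for r in records
                 if r["Name"].casefold() not in shown]
    only_net_user = sorted(n for n in shown if n not in listed)
    return {"only_wmic": only_wmic, "only_net_user": only_net_user}


if __name__ == "__main__":
    print(compare_listings(NET_USER, WMIC))
```

Any entry under `only_wmic` is an account to trace back to a 4720 creation event and to 4728/4732 group changes in the Security log.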
Found Winget TUI yesterday by accident and man what a life improvement.
TUIs are just so much fun. This does not get old.
https://t.co/3gqiyxZbIX via @shanselman
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
There is now a registry key to remove the warning message when running RDP files on #Windows11
Many sysadmins got a lot of calls yesterday from users asking what had happened to their remote connection.
Here is the .reg for you to deploy via GPO or Intune in your company.
https://t.co/FRXGfqNosm
https://t.co/EEN2QG719D
Built a self-updating Intune docs tracker styled like a broadsheet newspaper. GitHub Actions fetches the Microsoft Learn RSS feed every 6 hours, categorizes updates, and publishes to GitHub Pages, so zero maintenance. Serif type, two-column grid, lead stories. The Intune admin gazette nobody asked for. 📰
Microsoft finally introduces Group Insights in Microsoft Entra ID!
Organizations should look into their groups and clean them up regularly. Yet tenant-wide statistics show that very few actually do.
This changes now.
The Groups Insights dashboard now provides immediate visibility into common group hygiene and governance gaps, such as:
- Groups with no owners
- Groups with service principals as owners
- Groups with guest users as owners
- Groups with complicated rules
- Groups with low efficient operators
- Newly created groups
- Expiring groups
- Soft deleted groups
- Restored groups
- Groups without sensitivity labels
#EntraID #Microsoft365 #Microsoft
#SCCM #ConfigMgr SQL injection vulnerability allows remote attackers with no privileges to gain code execution and run arbitrary commands with the highest level of privileges 🫤
https://t.co/I4pHxAedHO
Too much annoying cookie clicking? The Consenter can help: the browser extension can manage cookie consents centrally. The tool comes from the BMFTR-funded project "YourPrivacyLawyer".
👉 https://t.co/fGkbLlQ3cg
#DataPrivacyDay #DataProtectionDay #Datenschutztag
Windows cumulative updates are now separate for Windows 11 and Windows Server 2025.
Different KB update number, smaller file size and lack of A.I. components in the Windows Server 2025 update package.
Update packages made for Windows 11 won't install on Server 2025 and vice versa.