Microsoft docs: https://t.co/QIMSPH0TfV
KQL query by Fabian Bader (use it to verify the policy's impact on your tenant): https://t.co/3H3w1k8opO
Direct link to the new feature: https://t.co/OOOjxC9j6L
Microsoft addresses the Conditional Access resource exclusions MFA bypasses in some Entra ID setups.
Enable Microsoft's new enforcement setting (preview, but can be applied your tenant, too) to mitigate this issue.
Great technical write-up:
https://t.co/6k8G8e6BIK
Wrote a blogpost about how you can use the Windows server 2003 source code as a red teamer to make your tools look less like tools.
I also go over and map out the main/important files and practical examples of using it to augment MS-*/RFC specs: https://t.co/HfUYBAdCJJ
Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩
Every JWT writeup online covers 2–3 attacks and stops.
I got tired of jumping between 40 blog posts, so I wrote the whole thing. All in one place.
https://t.co/iCSzQ4GjcS
#infosec#appsec#bugbounty#websec#jwt
Legacy Windows drivers with valid signatures can still be loaded. Many expose privileged functions any user can invoke. Using the Truesight driver, we show why BYOVD attacks are simpler than expected and why Microsoft blocklists offer limited protection.
https://t.co/4Za9C6hVtT
Two 0days in @LiteLLM: RCE (7.2) and SQLi (9.9). After half a year of unsuccessfully trying to reach the maintainers, NSIDE decided to publish the advisories. There are no fixes yet.
https://t.co/HTZcu2ZWxP
https://t.co/rOP9w74eWF
More unresolved issues: https://t.co/3kEXKvo51I
See you at secIT!
March 18–19, 2026 · Niedersachsenhalle · Booth N2 · HCC Hannover
Meet our team and talk security.
Join our workshop “AD Attack Paths with BloodHound” at 11 & 14.
https://t.co/JHuhkAOrQ3
#secITByHeise#CyberSecurity#OneAnswerAhead
Something I'm hesitant to mention, but also you should know...
ConsentFix isn't just an Azure CLI thing, it works against many apps (and not just Microsoft Entra)
The big risk with Azure CLI is it can request tokens for other resources, but there are several others that can too
@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube.
"Finding Entra ID CA Bypasses - the structured way" @WEareTROOPERS
https://t.co/fAQ0aCreKj
Our tech lead @m0lto_bene breaks down how red teams and threat actors leverage SOCKS to use any tool from attacker-controlled devices - sidestepping EDR visibility and breaking detections based on process-to-network correlations.
https://t.co/fe8yfmM83Z
Multiple people posted today in the morning about backdoored Github repositories, such as for React4Shell Scan repositories or an WSUS Exploits. This one for example is backdoored and will compromise your system once you run it:
- https://t.co/qBiPSrKJ3z
For fun, I analysed the malware today. Turns out its dowloading a custom HTA via mshta.exe from the webserver https://py-installer[dot]cc. This is ~1600 lines of code heavily obfuscated and not flagged by AV or EDRs tested.
I told AI to analyse the payload and to create a C2-Server for me. It refused. I told AI to analyse the malware and it did. After that, the barrier was gone and it provided me a fully featured C2-Server side framework to handle this payload for offensive purposes on my own. Of course - only in a simulated environment for analysis and testing purposes 😊
Well, after~3 hours of vibe coding we now have a new C2-Framwork with ~12 modules, we only need to adjust this HTA obfuscated C2-Server domain or URL and we can use the public implant with our own Server-Component.
Thats the age of AI, normally it would have taken hours for me to manually analyse this malware!
One of our colleagues wrote about how to properly perform penetration tests on Cloud environments. Though it is in German, it's certain to be interesting if you operate parts of your infrastructure in any Cloud!
https://t.co/KBqZTwDg34
@BSidesMunich As a Munich-based IT security company, it goes without saying that we will be sponsoring again this year. Several of our colleagues will of course be there on the 17th. If you would like to meet us in person, please feel free to come and talk to us.
Credential Guard was supposed to end credential dumping. It didn't.
@bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
Read for more ⤵️ https://t.co/mYPHg1mTKj
Thanks to everyone who joined my DEFCON33 talk!🎉
For those of you who missed it and are interested in seeing how we can extract cleartext credentials and bypass MFA directly from the official Microsoft login page, I just uploaded the recording to YouTube:
https://t.co/MoPQiKgesd
Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment.
Your own hands-on Entra lab for identity attack simulation.
Built for red teams, blue teams and identity nerds.
Check it out here👉https://t.co/5qlXQiSYHS