@merill Really looking forward to Scout. It sounds amazing, although I wouldn't want to let it loose without Purview or Agent ID properly configured first. Currently I'd also take the standpoint to let other orgs pilot it first. :D
If I ever wanted a stealthy display name for my Enterprise Application, I’d call it "ADIbiziaUX" - I bet you that almost no Entra ID Admin would want to disable that.
@pfransces @Cyb3rMonk Yes, indeed, this would solve most phishing scenarios, as the access token cannot be forged on the AiTM proxy, since the device does not meet the requirement due to the corresponding CAP.
Generally speaking, you should probably block alternative auth flows anyway.
@Cyb3rMonk @pfransces Definitely it has its valid use cases. I wasn’t precise enough in my previous reply. It should be limited to specific personas, such as developers, to limit blast radius.
In reality, it often remains available for all users, which is not necessary.
@Cyb3rMonk @pfransces Even though DCF abuse is frequently in the news, the reality is that it’s still not blocked in a lot of orgs. I see it daily in SMB as well as huge organizations.
@Cyb3rMonk @pfransces Ideally, you would assign a DCF Access Package to developers who require it, which would temporarily exclude them from a blocking policy.
@alitajran Hi,
I've seen your new post about blocking high-risk agents from accessing all resources.
Building on that, shouldn't we create an additional CA Policy that blocks high-risk agents from accessing all agent resources?
@merill I totally agree with you here. Every user with a passkey is a more secure user. I'm just generally trying to debunk the assumption that having passkeys = enforcing passkeys, which also means that you are still vulnerable to AiTM.
@RidgelineCyber Not sure if I'm still talking to a human at this point, but no, you need both controls. Require Compliant Device and also Limit Device Join Action.
@ClaudeDevs It’s concerning that Claude devs have not noticed this lack of quality in the product. It makes me wonder if there’s no quality assurance in place.
@UK_Daniel_Card Claude Code has been substantially nerfed.
Before, you were at least able to reason with it to continue building. Really not fun ATM, though I haven't tested in a minute.