This is amazing research. Robbe explained every step so well and provided PS command for everything! As a person who is a bit scared of all the new AI agents thingy, I really enjoyed reading this! @robbevddaele.bsky.social
hybridbrothers.com/posts/agenti...
I haven't been here for a while π It's nice to be back!
I wrote a nice post if you are interested π it contains a lot of IOCs and real-world statisticsπ©΅
www.wiz.io/blog/detecti...
Enhancements in #MicrosoftEntra (diagnostic) logs: Several interesting sign-in properties (including Session ID, status for Token Protection, or GSA traffic) have been added to the sign-in logs and available in #MicrosoftSentinel. (1/3)
11.02.2025 17:31 β π 3 π 2 π¬ 1 π 0
Some first-party apps that support ROPC flow, I see some FOCI apps in there π«£
(I tested it!)
No π₯Ί I saw it on my user, and I didn't change the password
11.02.2025 19:27 β π 1 π 0 π¬ 0 π 0Yet another time I impulsively post a random thought that appears to be wrong π₯²
11.02.2025 19:26 β π 1 π 0 π¬ 0 π 0Can someone explain what scenario can cause password failure log in non-interactive sign-in logs? π₯ @merill.net @fabian.bader.cloud
11.02.2025 18:11 β π 0 π 0 π¬ 1 π 0
I saw $batch requests on my logs so I thought you can't see the payload, but then saw this - cloudbrothers.info/en/detect-th...
So I might be wrong π₯Ί
Want to avoid microsoft graph activity log detection? Just create all your requests as $batch
And you're done π
Adding the github page :)
github.com/zh54321/Grap...
I just found out that Project Zero has released a Windows Registry Research Series, and I'm really looking forward to reading it!
googleprojectzero.blogspot.com/2024/04/the-wiβ¦
Omg I just realized all the good stuff happens here! It's like heaven of blog posts !!!
04.02.2025 06:02 β π 2 π 0 π¬ 0 π 0I love to show them the cool side of the security industry and use that to get them into things. My favorite - stuxnet. youtu.be/C8lj45IL5J4?...
25.01.2025 18:57 β π 1 π 0 π¬ 0 π 0Thats cool ! Is it a reference to the amazing white paper ? An ace up the sleeve π
14.01.2025 09:02 β π 1 π 0 π¬ 1 π 0That looks like a good one to read
14.01.2025 09:01 β π 1 π 0 π¬ 0 π 0What was your talk about? Looking forward watching it!
01.12.2024 17:18 β π 0 π 0 π¬ 0 π 0
I really enjoyed reading parts 1 and 2 of this series!π€©πͺ
www.edtechirl.com/p/gaining-in...
Hybrid attack paths sound like a crazy capability!! I love correlating stuff π
26.11.2024 04:35 β π 1 π 0 π¬ 0 π 0That's so awesome!! Thank you for the opportunity . It's so crazy to think that someone is reading my posts (and maybe even find it useful!!).
25.11.2024 05:20 β π 5 π 0 π¬ 1 π 0
Waiting for today's entra news so bad, I can't find anything to read π₯²
24.11.2024 08:53 β π 1 π 0 π¬ 0 π 0
Currently working on a cool automation that sends you a message every time something is added to version v1.0 in the changelog. Would anyone be interested in the code?
24.11.2024 08:30 β π 1 π 0 π¬ 0 π 0I just read that security defaults become disable as soon as there is at least one CAP, is this wise? In practice it can be a very specific CAP, for which many security mechanisms are lost
20.11.2024 12:17 β π 0 π 0 π¬ 1 π 0
Copilot is now part of Entra, and I wonder.
1. How does it handle permissions
2. Can we get access to data we are not supposed to be able to read
3. Does it also perform write/update actions for you, or only read?
This is going to be interesting π£
So true !!
18.11.2024 12:15 β π 3 π 0 π¬ 0 π 0Do you know if there is a large amount of entra sign-in logs example data so I can work on it? I have a cool idea π
18.11.2024 05:15 β π 0 π 0 π¬ 0 π 0
Perfect rainy morning and the new entra.news (: it's like my dad used to read the paper, but instead of wars, I read about the great new CAE video π
18.11.2024 05:14 β π 3 π 0 π¬ 1 π 0I love it here. It feels more pure π
17.11.2024 17:53 β π 2 π 0 π¬ 0 π 0Thank you for reading it π₯Ή
17.11.2024 13:17 β π 0 π 0 π¬ 0 π 0Thanks !! I really appreciate it π
17.11.2024 13:16 β π 0 π 0 π¬ 0 π 0Haha tell me about it I'm a hugeeee fan!!
17.11.2024 08:05 β π 0 π 0 π¬ 0 π 0