
Eric Woodruff

@ericonidentity.com.bsky.social

Entra nerd currently @ #Semperis. Parent. Partner. MS Security MVP. Views are those of my cat.

1,580 Followers  |  494 Following  |  66 Posts  |  Joined: 24.04.2023  |  2.1231

Latest posts by ericonidentity.com on Bluesky

Extracting Sensitive Information from Azure Load Testing Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.

I have a new post out on the @netspi.bsky.social blog today. This one is on extracting sensitive information from the Azure Load Testing service. www.netspi.com/blog/technic...

01.07.2025 20:47 — 👍 3    🔁 2    💬 1    📌 1
Home - Eric on Identity This blog is about all things identity and identity adjacent. Right now, the focus is primarily on Azure AD and the Microsoft identity world, but it could have potential to expand in the future.

Quote of the day:
“MSFT has architected themselves into this corner”
#fwdcloudsec25

@ericonidentity.com

30.06.2025 20:12 — 👍 3    🔁 1    💬 0    📌 0
A photo taken from a train, near Heidelberg Germany, of a crop field with some brown green grass and a hazy blue sky with a tint of orange from the sunrise. There is a reflection on the window of myself somewhat from inside the train car.

Going right from @wearetroopers.bsky.social in Heidelberg to @fwdcloudsec.org in Denver ✈️ - from one excellent conference to another!

I’m looking forward to speaking Monday @ 2:00pm in track 1 on the dangers of #nOAuth, with some new and tweaked slides and talking points!

#Entra #EntraID

29.06.2025 06:54 — 👍 2    🔁 0    💬 1    📌 0

nOAuth revisited by @ericonidentity.com at @wearetroopers.bsky.social

25.06.2025 14:06 — 👍 3    🔁 2    💬 0    📌 0
New nOAuth Abuse Alert: Entra Cross-Tenant Saas Apps at Risk Think nOAuth abuse is old news? We wish. Our recent testing shows that nearly 10% of apps in the Microsoft Entra Gallery remain vulnerable.

At @wearetroopers.bsky.social I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well.

You can read all about it here:

#Entra #M365 #infosec

www.semperis.com/blog/noauth-...

25.06.2025 16:56 — 👍 1    🔁 1    💬 0    📌 0
A photo taken from an airplane of the. There are small white fluffy clouds scattered below and a slightly hazy blue sky with white wisps above them.

On the way to #TROOPERS25. The short flight is down… just waiting for the long one to Frankfurt.

Looking forward to talking about #nOAuth with #Entra… sadly it’s still a thing 😑

#EntraID #infosec @wearetroopers.bsky.social

23.06.2025 21:32 — 👍 1    🔁 0    💬 1    📌 0

Did you know you can send LAPS passwords to Entra on Server OS? Neither did @adamgrosstx.bsky.social or I until yesterday! Just need to hybrid join the server(s) and set the GPO to backup to "AAD"! Neat!

30.04.2025 00:33 — 👍 15    🔁 4    💬 2    📌 1

In 2019, before the AZ-104 days, I failed AZ-101 the first time around…

17.04.2025 16:23 — 👍 1    🔁 0    💬 1    📌 0
A picture taken from inside an airplane out the airplane window. The plane is on the ground, and the picture shows the jet bridge for the next gate with some workers outside. It’s still dark outside.

Obligatory photo from airplane en route to the #mvpsummit

22.03.2025 09:29 — 👍 6    🔁 0    💬 0    📌 0

Now do Yggdrasil 😏

20.03.2025 15:39 — 👍 2    🔁 0    💬 0    📌 0
New Job! New MVP? Hi.

The last two months have been a chaotic whirlwind of emotions and activity. I needed to talk about it, so I did: jakehildreth.github.io/blog/2025/03...

09.03.2025 00:10 — 👍 7    🔁 1    💬 1    📌 0

Yesterday morning, I woke up to an email from Microsoft with the subject "Congratulations on your Microsoft MVP award". I immediately thought it was a phish, but I dug a bit further.

It's real! 🤯 I was selected as an MVP in "PowerShell" and "Identity & Access"!

02.03.2025 10:55 — 👍 51    🔁 4    💬 3    📌 0

📢 To all attendees, sponsors, and speakers of MC2MC Connect!

📸 We have uploaded all the event photos to the Gallery page on the MC2MC Connect website, so you can look back and relive the day!

🔗 connect.mc2mc.be/gallery/

#MC2MC #ConnectMC2MC #MC2MCConnect

25.02.2025 15:54 — 👍 7    🔁 1    💬 0    📌 0
IDPro 2025 Skills, Programs, and Diversity Survey Take this survey powered by surveymonkey.com. Create your own surveys for free.

If you work in, around, near, adjacent, or so on, to #identity, including #infosec and #Entra, you should fill out the #IDPro skills survey. It takes five minutes and really helps in understanding the industry landscape.

www.surveymonkey.com/r/L9QB6T2

20.02.2025 20:16 — 👍 4    🔁 0    💬 0    📌 0
An interesting M365 billing scam - Eric on Identity A look at a recent spam scam email that I received, trying to understand what mechanism the attacker is using to deliver the scam email.

I received an interesting #M365 subscription email the other week, that turned out to be a scam.

I figured I'd pick it apart, and found it curious enough to share the details.

#entra #infosec #m365security #azure

ericonidentity.com/2025/02/20/a...

20.02.2025 14:27 — 👍 5    🔁 0    💬 1    📌 0

Not yet… 😬. Congrats to you though! I’m hoping I’ll be there regardless of speaking to catch your talk!

04.02.2025 23:48 — 👍 1    🔁 0    💬 0    📌 0

ALT: still in our jammies i see written on a netflix screen

29.01.2025 22:24 — 👍 2    🔁 0    💬 1    📌 0
We’re pleased to announce the next speaker for MC2MC Connect: @ericonidentity.com 🚀

In this session, Eric will dive deep into the most common questions about app registrations, enterprise apps, and service principals. 🛡️

🔗 tinyurl.com/5dxvnsn4

#MC2MC #ConnectMC2MC

28.01.2025 11:09 — 👍 3    🔁 2    💬 0    📌 0
Zuckerberg 'Loves' AI Slop Image From Spam Account That Posts Amputated Children Zuckerberg seems to enjoy the spam that has taken over his flagship product.

Zuckerberg "loved" an AI slop image on a spam page that also posts AI images of children with amputations, elderly people, fake images of graves, links offsite to ad-loaded pages, etc. Exciting stuff for me

www.404media.co/zuckerberg-l...

22.01.2025 19:39 — 👍 182    🔁 35    💬 9    📌 2
Spying on your ISVs credential choices - Eric on Identity Examining Entra ID sign-in and graph activity logs to determine what type of credentials your ISVs use in their multi-tenant applications.

If you consume multi-tenant apps in #EntraID, and they’ve been granted consent to do things in your tenant, you can spy on the auth choices your vendor makes - secrets or certs - in the logs available in your #Entra tenant.

#infosec #m365 #azure

ericonidentity.com/2025/01/13/s...

16.01.2025 12:12 — 👍 11    🔁 1    💬 0    📌 0

Oh I’ve submitted a few things at various places… hoping to be at Identiverse one way or another this year

10.01.2025 21:52 — 👍 2    🔁 0    💬 1    📌 0

With all the speaking I burnt and crashed a bit towards the end of 2024. I plan on writing about the speaking experience… but first hoping to get back into writing more as I research stuff. Hope to have both a personal blog and Semperis blog article out this week 🤞.

09.01.2025 00:33 — 👍 8    🔁 0    💬 2    📌 0
A screenshot of a portion of an email from MSRC for the 2024 W4 leaderboard with two valid cases totaling 75 points.

Looking forward to when I can talk about the more interesting case 👀 #MSRC #Entra

04.01.2025 20:57 — 👍 4    🔁 0    💬 1    📌 0

Yup 🫡

19.12.2024 14:24 — 👍 1    🔁 0    💬 1    📌 0

From what I gathered listening to it the other week at a partner event my takeaway was scenario #1 as well. I was going to ask the question in line with what you’re wondering; or at least I was wondering about fidelity/granularity. But I already was scolded for asking non-sales questions 😛

13.12.2024 22:34 — 👍 2    🔁 0    💬 1    📌 0

Great advice; received a variant of this last week that had an old password I used to use in it 😅

13.12.2024 22:30 — 👍 0    🔁 0    💬 0    📌 0

Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃

12.12.2024 16:00 — 👍 46    🔁 20    💬 3    📌 1

Pretty sure the two green checkmarks means it’s doubly verified valid

11.12.2024 21:57 — 👍 2    🔁 0    💬 0    📌 0
NTLM v1 is removed from the latest version of Windows

Oh by the way

06.12.2024 01:08 — 👍 102    🔁 35    💬 9    📌 6

The Moynihan Train Hall Starbucks is an absolute machine of efficiency.

05.12.2024 13:43 — 👍 0    🔁 0    💬 0    📌 0
