@sapirxfed.bsky.social
π€ 684
π₯ 39
π 43
Security researcher. I have a blog:
https://sapirxfed.com
This is amazing research. Robbe explained every step so well and provided PS command for everything! As a person who is a bit scared of all the new AI agents thingy, I really enjoyed reading this!
@robbevddaele.bsky.social
hybridbrothers.com/posts/agenti...
loading . . .
Remediating Agent Identities for Identity Admins and SOCs | Hybrid Brothers
With Microsoft launching Agent ID at the end of 2025, a new kind of identities were born in Entra ID. These identities are specially built for dynamic requirements of AI Agents, and is therefore a com...
https://hybridbrothers.com/posts/agentid-remediation/#agent-identity-concepts-in-entra-id
3 months ago
0
0
0
I haven't been here for a while π It's nice to be back! I wrote a nice post if you are interested π it contains a lot of IOCs and real-world statisticsπ©΅
www.wiz.io/blog/detecti...
loading . . .
Uncovering Malicious OAuth Campaigns in Entra ID | Wiz Blog
Learn how Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns.
https://www.wiz.io/blog/detecting-malicious-oauth-applications
3 months ago
0
2
0
reposted by
Thomas Naunheim
over 1 year ago
Enhancements in
#MicrosoftEntra
(diagnostic) logs: Several interesting sign-in properties (including Session ID, status for Token Protection, or GSA traffic) have been added to the sign-in logs and available in
#MicrosoftSentinel
. (1/3)
1
3
2
Some first-party apps that support ROPC flow, I see some FOCI apps in there π«£ (I tested it!)
over 1 year ago
1
2
0
Can someone explain what scenario can cause password failure log in non-interactive sign-in logs? π₯
@merill.net
@fabian.bader.cloud
over 1 year ago
1
0
0
Want to avoid microsoft graph activity log detection? Just create all your requests as $batch And you're done π
over 1 year ago
1
5
0
I just found out that Project Zero has released a Windows Registry Research Series, and I'm really looking forward to reading it!
googleprojectzero.blogspot.com/2024/04/the-wiβ¦
over 1 year ago
0
4
0
Omg I just realized all the good stuff happens here! It's like heaven of blog posts !!!
over 1 year ago
0
2
0
That looks like a good one to read
add a skeleton here at some point
over 1 year ago
0
1
0
I really enjoyed reading parts 1 and 2 of this series!π€©πͺ
www.edtechirl.com/p/gaining-in...
loading . . .
Gaining Initial Access Part 1: How Do Attackers Find People to Target?
A look at how to enumerate users accounts in a M365 tenant
https://www.edtechirl.com/p/gaining-initial-access-part-1-how
over 1 year ago
0
2
0
Hybrid attack paths sound like a crazy capability!! I love correlating stuff π
add a skeleton here at some point
over 1 year ago
0
1
0
Waiting for today's entra news so bad, I can't find anything to read π₯²
over 1 year ago
0
1
0
Currently working on a cool automation that sends you a message every time something is added to version v1.0 in the changelog. Would anyone be interested in the code?
over 1 year ago
0
1
0
I just read that security defaults become disable as soon as there is at least one CAP, is this wise? In practice it can be a very specific CAP, for which many security mechanisms are lost
over 1 year ago
1
0
0
Copilot is now part of Entra, and I wonder. 1. How does it handle permissions 2. Can we get access to data we are not supposed to be able to read 3. Does it also perform write/update actions for you, or only read? This is going to be interesting π£
add a skeleton here at some point
over 1 year ago
1
3
0
So true !!
add a skeleton here at some point
over 1 year ago
0
3
0
Do you know if there is a large amount of entra sign-in logs example data so I can work on it? I have a cool idea π
over 1 year ago
0
0
0
Perfect rainy morning and the new
entra.news
(: it's like my dad used to read the paper, but instead of wars, I read about the great new CAE video π
over 1 year ago
1
3
0
I love it here. It feels more pure π
over 1 year ago
0
2
0
Saturday study session π any good reading materials?
over 1 year ago
2
5
0
Wrote a small post sharing my random thoughts on some key sign-in fields!π if you're into security logs and detection ideas- you might enjoy it! More rambling to come! π
sapirxfed.com/2024/11/14/e...
loading . . .
Entra Sign-In logs hidden gems
This short post is here to raise awareness about some super useful fields in the sign-in logs. We all know how essential these logs areβif you want to get things done in the cloud, it usually startβ¦
https://sapirxfed.com/2024/11/14/entra-sign-in-logs-hidden-gems/
over 1 year ago
4
25
6
I have a day off of work today. So, I'm writing a short post for my blog!
over 1 year ago
0
2
1
No more depression posts on this social media platform! I'm a new, optimistic person!
over 1 year ago
2
1
0
Let's create a discussion about
#Entra
device id in the Sign in logs. For me, it's completely voodoo. One time, my registered device id was PIO, and the next time, it was just exposed there.
over 1 year ago
1
1
0
One day, you are nothing, and the next day, you are
#AADInternals
contributer π
over 1 year ago
0
5
0
OK, I'm here. Now what ?
@xpnsec.com
π
over 1 year ago
1
6
2
you reached the end!!
feeds!
log in
