@sapirxfed.bsky.social
Security researcher. I have a blog:
https://sapirxfed.com
reposted by
Thomas Naunheim
8 months ago
Enhancements in #MicrosoftEntra (diagnostic) logs: Several interesting sign-in properties (including Session ID, status for Token Protection, or GSA traffic) have been added to the sign-in logs and are available in #MicrosoftSentinel. (1/3)
Some first-party apps that support ROPC flow, I see some FOCI apps in there 🫣 (I tested it!)
8 months ago
Can someone explain what scenario can cause password failure log in non-interactive sign-in logs? @merill.net @fabian.bader.cloud
8 months ago
Want to avoid Microsoft Graph activity log detection? Just create all your requests as $batch, and you're done.
8 months ago
I just found out that Project Zero has released a Windows Registry Research Series, and I'm really looking forward to reading it!
googleprojectzero.blogspot.com/2024/04/the-wi…
8 months ago
Omg I just realized all the good stuff happens here! It's like heaven of blog posts !!!
9 months ago
That looks like a good one to read
9 months ago
I really enjoyed reading parts 1 and 2 of this series! 🤩
www.edtechirl.com/p/gaining-in...
Gaining Initial Access Part 1: How Do Attackers Find People to Target?
A look at how to enumerate user accounts in an M365 tenant
https://www.edtechirl.com/p/gaining-initial-access-part-1-how
11 months ago
Hybrid attack paths sound like a crazy capability!! I love correlating stuff
11 months ago
Waiting for today's entra news so bad, I can't find anything to read 🥲
11 months ago
Currently working on a cool automation that sends you a message every time something is added to version v1.0 in the changelog. Would anyone be interested in the code?
11 months ago
I just read that security defaults become disabled as soon as there is at least one CAP. Is this wise? In practice it can be a very specific CAP, for which many security mechanisms are lost.
11 months ago
Copilot is now part of Entra, and I wonder:
1. How does it handle permissions?
2. Can we get access to data we are not supposed to be able to read?
3. Does it also perform write/update actions for you, or only read?
This is going to be interesting
11 months ago
So true !!
11 months ago
Do you know if there is a large amount of Entra sign-in logs example data so I can work on it? I have a cool idea
11 months ago
Perfect rainy morning and the new entra.news (: it's like my dad used to read the paper, but instead of wars, I read about the great new CAE video
11 months ago
I love it here. It feels more pure
11 months ago
Saturday study session. Any good reading materials?
11 months ago
Wrote a small post sharing my random thoughts on some key sign-in fields! If you're into security logs and detection ideas, you might enjoy it! More rambling to come!
sapirxfed.com/2024/11/14/e...
Entra Sign-In logs hidden gems
This short post is here to raise awareness about some super useful fields in the sign-in logs. We all know how essential these logs are - if you want to get things done in the cloud, it usually start…
https://sapirxfed.com/2024/11/14/entra-sign-in-logs-hidden-gems/
11 months ago
I have a day off of work today. So, I'm writing a short post for my blog!
11 months ago
No more depression posts on this social media platform! I'm a new, optimistic person!
11 months ago
Let's create a discussion about #Entra device id in the Sign in logs. For me, it's completely voodoo. One time, my registered device id was PIO, and the next time, it was just exposed there.
11 months ago
One day, you are nothing, and the next day, you are #AADInternals contributor
11 months ago
OK, I'm here. Now what? @xpnsec.com
11 months ago