Mai 2024 KQL Café RecapIn May I had the pleasure to be invited to the KQL Café which is hosted by Gianni Castaldi & Alex Verboon. Within this format they empower…Jul 1Jul 1
AiTM Phishing with Azure FunctionsPoC for an Azure AiTM Function to phish Entra ID credentials and bypass canary token detections.Apr 12Apr 12
Have you heard about passkeys and AAGuids?With the availability of passkeys the FIDO2 standards become more accessible in the form of password managers, web-browsers and (mobile)…Dec 1, 20232Dec 1, 20232
Enriching Microsoft Sentinel tables with eligible Entra directory rolesMicrosoft 365 Defender and Sentinel provide an IdentityInfo table that contains various information that is helpful for threat hunting and…Nov 17, 2023Nov 17, 2023
Maintaining Microsoft Sentinel Analytic Rules in JSON and YAML with GitHub ActionsMicrosoft Sentinel Analytic Rules can be shared in both the YAML and ARM format, whereas the ARM format leverages JSON as file type. Within…Nov 13, 20231Nov 13, 20231
Have you heard of workload identity access token replay?Microsoft recently made the Microsoft Graph Activity Logs available as part of the Microsoft Entra ID diagnostic settings. This means we…Nov 8, 2023Nov 8, 2023
Entra Connect HardeningAn actionable list of hardening measures for your Entra Connect Sync server’s service accounts.Sep 24, 2023Sep 24, 2023
Why you should use Entra Workload Identity FederationMicrosoft Entra Workload Identity Federation is a hidden gem when dealing with app registrations and service principals because it will…Sep 7, 2023Sep 7, 2023
Retrieving Windows LAPS Azure AD Passwords with PowerShellDid you know that for the new Windows LAPS Azure AD is also maintaining the password history? The built in PowerShell commandlet relies on…May 10, 2023May 10, 2023
Provoking Defender for Identity suspicious certificate usage alertsMicrosoft Defender for Identity (MDI) has announced a new capability to detect suspicious certificate usage for Kerberos…Apr 11, 2023Apr 11, 2023
