There are many people who inspire me, but @_dirkjan tops the list.🤭 Beyond being a genius, he’s also one of the kindest people in our community. This episode by @merill shows it perfectly 😀 https://t.co/yoysUipayh

Happy to share that I've joined @FujitsuOfficial! I will be doing the same thing, so stay tuned for the next technique I’ll be dropping 🔥

@TEMP43487580 is one of the most brilliant hackers I’ve ever met. He taught me countless things, far more than I could ever put into a single post. I strongly recommend you follow him instead of me! (yes I'm 100% serious!😄) It was a great pleasure working with you...😎

Restricting Entra ID Device join via a group managed by an Access Package could stop this Intune Enrollment Restriction bypass technique. For example create an Entra ID access package to onboard new employees and then they are removed from the group after 3 days. They can

I just started a new blog, and this is my first post. I took a bit of PTO, so this is a little record of some fun I had playing around with Intune during that time. It's about enrollment restriction bypass😄 https://t.co/o9CcXHN4b8

might be a useful endpoint to see if the target tenant can use Intune for device management? It returns error with the tid of my another tenant where Intune tiral license has ended.

#TROOPERS25 AD & Entra ID Security track resources, on the @ERNW_ITSec blog @Insinuator Featuring @Jonas_B_K @martinhaller_IT @TEMP43487580 @JsQForKnowledge @fabian_bader @_dirkjan @ShitSecure @DrAzureAD @kazma_tw @subat0mik @unsigned_sh0rt @ericonidentity https://t.co/dmbl9iZSPj

This is awesome work @TEMP43487580 ! SCCM recon from the MP

Turns out I wasn’t the only one talking to management points for profiling SCCM sites lol @unsigned_sh0rt breaks down the mechanism in detail. Highly recommend his article! https://t.co/gzmJTgiXYm

Uploaded mprecon, a tiny script I made while learning SCCM. It pulls info from MP server like DP locations, site version, build number, SMSID, and device's primary user etc. No special privileges are required. Sometimes works without authentication🤯

The slides from #TROOPERS25 are now available🔥 The key point in the talk is that Device Registration Service is often forgotten in Conditional Access, leading to various abuse. This talk introduces one of the examples and explains lateral movement tips. https://t.co/gUcMFvRkxI

GraphSpy was extremely powerfull in the last engagement, and happy to see pytune integrated with it👏

Since several people already asked: the slides from @fabian_bader and myself for @WEareTROOPERS are available! "Finding Entra ID CA bypasses-the structured way". We talked about FOCI, BroCI, CA bypasses, scopes and getting tons of tokens. Check it at

Also dropping the link to the new feature added to BAADTokenBroker. https://t.co/dRkG01KB66

It was great to attend #TROOPERS25! Beautiful city, nice weather, talented researchers. My talk was just based on how Entra works but I hope it contributed to the community. Thanks for everyone I had a chance to talk to! No jet lug now. Time to go home😂 https://t.co/VPV45RsbmE

One of the results of the joined research with @_dirkjan is https://t.co/Garwvx3Bzy Basically the yellow pages for Microsoft first party apps. #TROOPERS25

Excited to share that our proposal for BSidesLV, led by Fumiya IMAI, got accepted! Stay tuned for more details!

👏

Happy to share that my talk "The Ultimate Guide for Protecting Hybrid Identities in Entra ID" was accepted to @WEareTROOPERS! https://t.co/y6OS9JW4x3

Incredible line-up for the #TROOPERS25 AD & Entra ID Security Track, featuring @Jonas_B_K @martinhaller_IT @_dirkjan @fabian_bader @DrAzureAD @ShitSecure @subat0mik & many more https://t.co/9Yk5PkhgBZ