Wessel Hissink Profile
Wessel Hissink

@WesSec_

Followers
236
Following
2K
Media
51
Statuses
308

Things I say on Twitter are personal opinions and views. Team Blue | DFIR | Bug bounties Full time Blood Glucose manager

Joined February 2016
@WesSec_
Wessel Hissink
2 days
How to have fun in 2025:
0
0
0
@WesSec_
Wessel Hissink
2 days
❌ LLM reversing with boring standard language. ✅ LLM reversing with an occasional pirate reference
1
0
1
@WesSec_
Wessel Hissink
7 days
Mercedes will let you onboard your car in Intune? This is the stupidest thing I've heard this week.
1
1
7
@WesSec_
Wessel Hissink
14 days
About 5 years too late….
@MSFT365Status
Microsoft 365 Status
14 days
We're investigating an issue where some users may be experiencing issues with Microsoft Teams. Please look for TM1112332 in the admin center for more updates.
0
0
1
@WesSec_
Wessel Hissink
22 days
I had a small injury in my wrist, so I got an "ergonomic" mouse which forced me to position my hand in a specific way. Result: My keyboard shortcut usage tripled and I barely touch the mouse anymore.
0
0
0
@WesSec_
Wessel Hissink
2 months
ancient hardware ain't stopping me
0
0
2
@WesSec_
Wessel Hissink
2 months
Need USB - TTL, found a cable on the bottom of my "cable box", cable didn't work, looks at device manager:
1
0
1
@WesSec_
Wessel Hissink
3 months
PopOS! is underrated.
@NetworkChuck
NetworkChuck
3 months
Some of you need to hear this. Just because @pewdiepie installed Arch Linux doesn’t mean you need to. Ubuntu is fine. PopOS! is fantastic. Only go down the Arch path if you have a lot of time on your hands or you want to be better than everyone else. :)
0
0
1
@WesSec_
Wessel Hissink
3 months
Using an iPhone in 2025 feels like being stuck in 2015.
0
0
1
@WesSec_
Wessel Hissink
4 months
Nice milestone yesterday: got my first paid bounty for a responsible disclosure find. Had hall of fame mentions before, but never received a financial reward. Fun fact, it was for a report from over 2 years ago. I’m not in the game for money, but it still feels like an achievement.
2
0
11
@WesSec_
Wessel Hissink
4 months
I do actually see the value in read only stuff, but please,,, keep that stuff local.
0
0
0
@WesSec_
Wessel Hissink
4 months
It's a great idea to submit your whole AD forest to Claude!! (/s). I feel sorry for the peeps testing this in production (with write rights) and see their AD being demolished in seconds.
@LazyAdmin
Ruud
4 months
Managing Active Directory just got easier. I built Koppla, a local MCP server that lets you interact with AD using natural language. No scripting, no hassle—just clear results. Works with Claude Desktop & GitHub Copilot. Let me know what you think!
1
0
1
@WesSec_
Wessel Hissink
4 months
With this KQL query, quickly check if apps with Mail.Send permission actually are sending mails or if they're overprivileged. Is there a repo combining permissions with graph endpoints? Could be interesting.
gist.github.com
Get overpermissioned Mail.Send applications. GitHub Gist: instantly share code, notes, and snippets.
0
0
1
@WesSec_
Wessel Hissink
5 months
Friday morning shenanigans, from "why is this feature so slow" to a responsible disclosure email in 60 minutes. Hopefully I'll be able to blog about this one, stay tuned.
0
0
4
@WesSec_
Wessel Hissink
5 months
"When eM Client is first granted permissions within a tenant, a service principal is created in Entra ID." It's good practice to monitor for all service principal creations, here is a simple KQL query to do so: (exclude automated/non-user stuff).
gist.github.com
Monitor service principal accounts. GitHub Gist: instantly share code, notes, and snippets.
@InvictusIR
Invictus Incident Response
5 months
And we are live. Enjoy the highly anticipated forensics deep dive on #eMClient.
0
5
28
@WesSec_
Wessel Hissink
5 months
Today is a good day to check who and what has access to your data. Google: Microsoft:
@cyb3rops
Florian Roth ⚡️
5 months
Welcome to the era of the token. In the past, attackers had to breach networks, bypass security controls, escalate privileges, and evade detection just to reach confidential data. Now? A single OAuth authorization - granted with one click - can hand over access to emails, files,.
0
0
1
@WesSec_
Wessel Hissink
5 months
We need to stop calling everything a critical vulnerability. You're only vulnerable if you have VerifyHostKeyDNS enabled (it's disabled by default and only enabled in specific situations).
@0x534c
Steven Lim
5 months
🚨 Critical OpenSSH Vulnerabilities – Patch Prioritization. KQL to identify all your internet facing OpenSSH servers vulnerable to CVE-2025-26466 and CVE-2025-26465. Get your engineers to prioritize patching these servers to version 9.9p2 that is released today. Shields Up Scotty!
0
0
4
@WesSec_
Wessel Hissink
5 months
This is a heavily overlooked topic in the field. Protect your tokens.
@merill
Merill Fernando
5 months
I came across GraphPreConsentExplorer which lets you extract a list of first party apps and their pre-consented permissions. 👇
0
0
0
@WesSec_
Wessel Hissink
7 months
@BertJanCyber BTW: the neat trick used by attackers is that Microsoft AD Graph activity is not logged. When the Microsoft Graph API is used, you should be able to detect the actual activity (beyond authentication) via MicrosoftGraphActivityLogs table.
2
0
2