Attention malware analysts 💻 Our latest blog post delves into Time Travel Debugging (TTD). We introduce the basics of WinDbg and TTD to help you start incorporating TTD into your analysis. 📄: https://t.co/07y5dniRy9

Identity is THE challenge.

i just hit my 2 year anniversary working at @CrowdStrike yesterday and these are some of the top things i’ve learned (in no specific order): 1. a vast majority of attacks nowadays are identity-based (malware-less); have a solid IAM strategy and constantly re-evaluate.

#ElasticSecurityLabs uncovers #RONINGLOADER, a multi-stage loader utilizing signed drivers, PPL abuse, CI Policies, and other evasion techniques to deliver #DragonBreath's gh0st RAT variant. Check it out at https://t.co/Df8JLO6w4d

👋 Folks, I'm super excited to announce the launch of the Microsoft Zero Trust Assessment! I've been working on this project for the past year at Microsoft with an extended team including our security researchers, product feature teams and docs Here's what it does 🧵👇

The November 2025 security updates are available:

A web interface designed to parse and analyze Entra ID logs for investigations, detections, etc. Built for security teams who need quick insights into sign-ins, audit, and anomalies without touching the raw JSON. Explore it here https://t.co/jgHb5BiIz1 https://t.co/RmfLigFDJn

Security alert-themed #phishing activity: emails appear to be sent from the recipient's own domain. These emails ask recipients to release blocked messages, but they lead to fake webmail login pages prefilled with the recipient's email address. Details at https://t.co/OYXKyMLgVK

One compromised Microsoft Entra ID or Azure account can lead to a full tenant takeover. Our new framework ranks roles by risk and adds strong MFA + secure admin workstations to protect the most critical accounts. Read the whitepaper: https://t.co/9NMapg6mVj

If you’re threat hunting in Windows, these Event IDs are your goldmine. 💎 From failed logons to PowerShell abuse & privilege escalation, knowing which logs matter most can slice your investigation time in half. ⚡ 📌 Pro tip: Correlate multiple Event IDs; attackers never leave

Excellent summary of Sign-in Frequency in Entra ID. Keep usage to specific apps, Identity Protection CAPs, Authentication Context and privileged users. At least try out the various scenarios yourself first, it’s a good experience to actually test instead of just assume things.

Hello my new friends EntraIdSignInEvents and EntraIdSpnSignInEvents. Finally AADSignInEventsBeta and AADSpnSignInEventsBeta can move out of beta and get the name change they deserve. #MDE #EntraID #XDR

Another Nim C2-Framework developed by @virtualloc. Can't believe you actually wrote the whole client in Nim as well 😂 Nice one! https://t.co/2rPGuqzbqr Including a Blog for parts of it: https://t.co/YvVxQpEjFG

New research from @jdu2600: a clean loader-lock escape using the PEB's PostProcessInitRoutine. Read the analysis and PoC code 📃

Microsoft has addressed CVE-2025-55315, a vulnerability related to HTTP request handling. This update strengthens security and helps reduce risks such as privilege escalation or SSRF. To stay protected, apply the latest patch, review your request handling logic, and confirm proxy

CVE-2025-59287 is being actively exploited. Update Windows Server Update Services now to reduce risk of a threat actor achieving remote code execution with system privileges. See our Alert for details ➡️ https://t.co/t5xpDWjSWS #Cybersecurity

@_dirkjan found one of the most severe vulnerabilities ever discovered in Microsoft Entra ID. One that could have compromised every tenant in the cloud. In this episode, we unpack the story, the stress, and the mindset behind responsible disclosure. 🔥 We dive deep into his

🛠️🧰 NoPrompt by @NotSoSecure - #Azure CAP testing tool 🔎 Checks for password-only access to Microsoft Entra ID / Azure AD (MFA gaps) 🌐 Simulates OAuth2 & web logins across multiple device user-agents 🧩 Tests Microsoft Graph, AAD Graph, and Service Management APIs ⚖️

Had a blast meeting everyone and running a workshop. Thanks again!

Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads: https://t.co/7nPiFiodwQ. Threat actors are actively seeking opportunities to compromise