Terrance DeJesus

@_xDeJesus

Followers: 765 | Following: 3K | Media: 141 | Statuses: 3K

☁️ Cloud & Identity Security | Hunting threats & safeguarding the cloud | #cybersecurity #threathunting #cloudsecurity | {opinions are my own}

United States
Joined May 2014
@_xDeJesus
Terrance DeJesus
2 days
Excited to host a hands-on investigation lab at #DEFCON33 in the #CloudVillage! Built from the perspective of an opportunistic adversary, this E2E AWS breach simulation leaves footprints for hunters and detection engineers to track across cloud, identity, storage, endpoint &.
1
4
14
@_xDeJesus
Terrance DeJesus
3 days
RT @cloudvillage_dc: 🔥 Cloud Village Labs schedule for @defcon is live! The Cloud Village Labs lineup is organized by genre to help you di….
0
8
0
@_xDeJesus
Terrance DeJesus
5 days
RT @cyb3rops: So apparently the --host option in sudo has been broken since 2013. You could just trick it into accepting remote rules on th….
0
166
0
@_xDeJesus
Terrance DeJesus
6 days
RT @_sigil: ☁️ My fwd:cloudsec talk, "I SPy: Rethinking Entra ID research for new paths to Global Admin", is up! Learn what a service princ….
0
31
0
@_xDeJesus
Terrance DeJesus
6 days
RT @MsftSecIntel: Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve….
0
52
0
@_xDeJesus
Terrance DeJesus
6 days
RT @elasticseclabs: New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion….
0
48
0
@_xDeJesus
Terrance DeJesus
7 days
If anything this week, I highly recommend giving this #EntraID research by @fabian_bader and @_dirkjan on CA bypasses a read.
0
14
47
@_xDeJesus
Terrance DeJesus
8 days
cont'd. Looks like Entra ID's Identity Protection will assign some of the logins from spraying and exfil as suspicious too. Sign-in logs will have a `risk_state` field with `atRisk` which is good for these signals and others. Or if you ingest Identity
0
0
1
@_xDeJesus
Terrance DeJesus
9 days
TeamFiltration tool abuse - I've been playing around with it today. So far, if at least 10 users are selected for enum with SFA ROPC logins or spraying --> Below is a rule that catches some of the enum and spraying. AADSTS50126 is one of the main error codes likely seen.
2
6
35
@_xDeJesus
Terrance DeJesus
12 days
RT @DrAzureAD: Slides from my @WEareTROOPERS talk are available at
0
51
0
@_xDeJesus
Terrance DeJesus
12 days
RT @Antonlovesdnb: Coming up on my 1 year anniversary with @HuntressLabs! Taking this opportunity to go over some things myself and the….
0
46
0
@_xDeJesus
Terrance DeJesus
12 days
RT @_dirkjan: Since several people already asked: the slides from @fabian_bader and myself for @WEareTROOPERS are available! "Finding Entra….
0
85
0
@_xDeJesus
Terrance DeJesus
13 days
RT @BleepinComputer: Microsoft 365 'Direct Send' abused to send phishing as internal users - @LawrenceAbrams. https….
0
40
0
@_xDeJesus
Terrance DeJesus
13 days
RT @ericonidentity: At @WEareTROOPERS I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable….
0
37
0
@_xDeJesus
Terrance DeJesus
13 days
RT @fabian_bader: One of the results of the joined research with @_dirkjan is . Basically the yellow pages for Micr….
0
66
0
@_xDeJesus
Terrance DeJesus
14 days
Did a write-up on OAuth phishing (offense and defense). It's based on phishing campaigns reported by @Volexity earlier this year. - What are OAuth phishing links; what are the workflows behind them. - How to emulate (examples) and use ROADtools for further compromise. -.
0
17
56
@_xDeJesus
Terrance DeJesus
15 days
RT @SBousseaden: cool alternative to clickfix, thanks for sharing! possible detection is to look for process.parent.args :"--message-loop….
0
11
0
@_xDeJesus
Terrance DeJesus
16 days
RT @mrgretzky: If you're battling phishing detections through CSS canary tokens, make sure to add these entries into your Evilginx MS365 ph….
0
54
0
@_xDeJesus
Terrance DeJesus
17 days
RT @rad9800: People often ask why I pivoted away from malware. Sometimes I ask myself the same question. After all, everything I've publis….
0
49
0