
Fabian Bader
@fabian_bader
#Security #Azure #AAD #MDE #M365 #AD #PKI Microsoft MVP Tweets and opinions are my own @[email protected]
Hamburg, Germany
Joined November 2016
📢If you missed my talk about Azure Attack Path at the @identitysummit, I just updated my blog with content created for the conference. New analytic rules, demo attack script and the slides are not available. #Azure #Security #Defend #Attack #Sentinel.
cloudbrothers.info
Creating and maintaining a secure environment is hard. And with every technology or product added to your environment it gets more complicated. Microsoft Azure as a cloud environment is no exception...
RT @hkashfi: I just noticed CVE-2025-25257 and had a giggle. Not because it's yet another Fortinet remote bug. But because it's a SQLi, in….
You might want to check your XDR streaming API as well and do some late summer cleaning. You might be surprised to find a Sentinel from the past. #XDR.
RT @TEMP43487580: I just started a new blog, and this is my first post. I took a bit of PTO, so this is a little record of some fun I had p….
temp43487580.github.io
Ways of device ownership spoofing and more for persistent access to Intune
You work with #XDR and always wanted to the process tree data outside of the Defender portal? With XDR Story Parser you can
▫️ Redact sensitive information
▫️ Export process tree as screenshot
▫️ Extract PowerShell and command-lines
▫️ Zoom in onto a process
RT @JohnLaTwC: In KQL, if you have a base table with many columns, you may want a simplified view--just a subset of columns that are arrange….
RT @DuRM365: #Security & #Governance are central components of the secure use of IT resources. In #Microsoft365, too, we must….
Wanna play around with #KQL and #Graph. Microsoft just released sample datasets to play around and look at this gorgeous visualization for the #Bloodhound schema they offer! Thanks @cosh23 🥰.
RT @schnoll: No more MOERA domains for email (which you shouldn't be using the first place 😉). Limiting Onmicrosoft Domain Usage for Sendin….
techcommunity.microsoft.com
We are announcing that all Exchange Online customers who send external email should start switching to custom (aka vanity) domain names.
RT @ExpelSecurity: 🚨 A NEW trojan on the block spotted by our threat intel team 👀. We saw files with the code-signing signature “GLINT SOF….
RT @_dirkjan: If you didn't find my Black Hat / Def Con slides yet, they are available on . Also includes the demo….
dirkjanm.io
Want to watch how Microsoft is removing the XDR deception configuration. Initially I had written this for debugging, but now I guess we only will see how stuff gets removed over time. #XDR #Deception #RIP. Thanks @DylanInfosec for the initial idea.
gist.github.com
Troubleshooting Deception - Deception in XDR is deprecated starting 18.08.2025 - XDRDeceptionTroubleshooting.kql
RT @4ndr3w6S: Still need a ticket to @DEATHCon2025 in Austin? Just a few left. Grab yours before they’re gone ⬇️.
RT @PyroTek3: One of the things that can be challenging when creating a honeypot account in Active Directory is making it look like a real….
RT @BertJanCyber: New blog! GraphApiAuditEvents: The new Graph API Logs. This July the GraphApiAuditEvents were released in public preview….
kqlquery.com
This blog introduces the new GraphApiAuditEvents table in Microsoft Defender XDR’s Advanced Hunting, a cost-free alternative to the MicrosoftGraphActivityLogs previously available in Sentinel. It...
New Microsoft Graph based API for response actions in #MDI. Disable, Enable, ForcePasswordReset and RevokeAllSessions finally available for your automations.
Deception feature in Microsoft Defender for Endpoint will be retired by 31. October 2025 #deception #xdr
Heads up. Spotted by a colleague this morning: deception capabilities in MDE are not making it past public preview.
RT @dmcxblue: Back from PTO and back on my Azure vulnerable lab project Function Apps, Runbooks, VMs, DBs, SPNs & more. Built to learn Azur….
github.com
An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations - dmcxblue/AzureStrike