Simon Maxwell-Stewart
@kidtronnix
Followers
26
Following
39
Media
2
Statuses
22
doing, thinking.
Joined July 2025
In case you missed it, i dropped an offensive toolkit for #RestlessGuests. Lemme know if you’re a red teamer who uses on an operation. https://t.co/vopOW6sEal I had a lot of fun with this hack, now moving on to more shenanigans elsewhere!
github.com
An offensive toolkit for restless guests #DEFCON33 - kidtronnix/restless-guest
0
2
5
Check out my new blog on nested app authentication and brokered authentication.
Why should Microsoft's Nested App Authentication (NAA) should be on your security team's radar? @Icemoonhsv breaks down NAA and shows how attackers can pivot between Azure resources using brokered authentication.
2
17
42
🕵️ Catch @kidtronnix at Cloud Village @defcon 33! 🎙️ “Restless Guests: From Subscription to Backdoor Intruder” 🔍 Explore Azure abuse & red team tactics 📍 Room 311, LVCC 🗓️ Aug 9 | 🕝 2:35–3:15 PM PT 🔗 https://t.co/WTBXdpH4tv
#Azure #RedTeam #CloudVillage #DEFCON33
0
2
2
Pretty old mini research i ended up not posting about avoiding GraphAPI when doing some Entra recon :)
sapirxfed.com
Just a small experiment to see what shows up (and what doesn’t) in Entra logs when using undocumented APIs. I poked around some lesser-known endpoints, checked how they interact with GraphActivityL…
2
9
33
Just dropped a blog on a new guest attack in Entra ID with default settings. Thanks to @_dirkjan and @DrAzureAD for helping on this one. https://t.co/tsGbuhOloR
beyondtrust.com
Discover how attackers can escalate privileges in Entra ID using Azure VMs, PRT theft, and device identity abuse. Learn how the “Evil VM” attack unfolds,…
0
1
5