
sapir federovsky
@sapirxfed
Doing things @wiz_io And then doing more things at home | failed research blog: https://t.co/j2HT1Tpscs
Tel Aviv
Joined August 2015
Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service change some Device attributes 🙂
sapirxfed.com
In this post, I dive into how the UpdateDevice function of dsregcmd works behind the scenes. From playing with registry values, tracing API calls in WinDbg, and intercepting requests with Burp, I e…
New Entra CTF by @wiz_io 🫡. I tried it and it's so fun!!!
cloudsecuritychampionship.com
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
Make sure you are not compromised!!!
stepsecurity.io
Nx package on npm hijacked to steal cryptocurrency wallets, GitHub/npm tokens, SSH keys, and environment secrets through sophisticated exfiltration attack
WOW!!! @TEMP43487580 such a good post!!! It is so well written, interesting research and great results! Thank you! 🤩
temp43487580.github.io
Ways of device ownership spoofing and more for persistent access to Intune
RT @_JohnHammond: The new Bloodhound version has some genuinely crazy cool new features -- OpenGraph really blows the doors off the potenti…
I really liked this post. It explains service accounts in GCP with a lot of pictures, just how I like my posts 😁
mitiga.io
Google Cloud Platform (GCP) continues to expand its offerings and remains a top-tier cloud infrastructure service provider. It offers a wide range of services, including Compute Engine (VMs), Google...
Just finished surfing lesson #3. It was the worst so far 😂. But the goal is to keep trying! 4 more lessons to go!
I really waited for a blog on NAA. Going to read it first thing tomorrow! I'm excited 🤩
Why should Microsoft's Nested App Authentication (NAA) be on your security team's radar? @Icemoonhsv breaks down NAA and shows how attackers can pivot between Azure resources using brokered authentication.