sapir federovsky
@sapirxfed
Doing things @wiz_io And then doing more things at home | failed research blog: https://t.co/j2HT1Tpscs
Tel Aviv
Joined August 2015
Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service change some Device attributes🙂 https://t.co/XTZM2GDowL
sapirxfed.com
In this post, I dive into how the UpdateDevice function of dsregcmd works behind the scenes. From playing with registry values, tracing API calls in WinDbg, and intercepting requests with Burp, I e…
Day 3 – #DiaryOfWannabeResearcher I’m finally making a research backlog! a place for every idea, half-thought, and “maybe someday” project. Feels good to organize the chaos a bit.🤭
Day 2 – #DiaryOfWannabeResearcher Trying something harder today: reading a complex post and summarizing it in my own words. It’s a good test, if I can’t explain it simply, I didn’t fully get it.
Just read this post by @ExeqZ! https://t.co/4OugL7KK9m. So you need ngcmfa to the security info page. I wonder if we can use the "upgrade" method by @_dirkjan (from WHFB post) after device code phishing to get the token without 2nd MFA
Day 1 of #DiaryOfWannabeResearcher Today’s mission: just scroll. Read comments, threads, and random thoughts. In 5 minutes, I already found new ideas and features I want to explore. Research starts with curiosity💪🙂
If you were an attacker, add a secret to an application. What would you write for the description of the secret? Would you leave it empty? Do you have real-world info on this? @merill 🤭
This comment helped me understand something very important: if I see an app using the same secret for a long time, it's still possible it's an attacker that exists in my env for a while, so it's not a good reason to assume it's legitimate
This is a really good question and is one of tests in the new Zero Trust Assessment that we released yesterday. Yes, apps with expired creds are BAD. Especially if the apps have privileged permissions to various APIs. It's a ticking time bomb since an attacker that
Kicking off a small project: From a Diary of a Wannabe Researcher. I’ll share short daily thoughts on what makes a good defensive researcher mindset, habits, failures, and small wins. It’s my way to get back into learning😁 starting tomorrow morning!
👋 Folks, I'm super excited to announce the launch of the Microsoft Zero Trust Assessment! I've been working on this project for the past year at Microsoft with an extended team including our security researchers, product feature teams and docs. Here's what it does 🧵👇
Finishing a company conference feeling SO inspired! Stay tuned for some cool things from my end 🫡 On the pic: me & @wiz_io thingy 💙😁
Good morning to all the people who feel like a failure. Let's cry in the corner together 😁
There are many people who inspire me, but @_dirkjan tops the list.🤭 Beyond being a genius, he’s also one of the kindest people in our community. This episode by @merill shows it perfectly 😀 https://t.co/yoysUipayh
entra.news
From Curiosity to CVE: The Story Behind Entra’s Wildest Exploit
Not every day you see a new critical cross tenant vuln in Azure! I like this one, and I like the detailed blog post 🙂 https://t.co/V7DqvB9h2v
thecollective.eu
Such a good post by @cnotin ! Basically everything you want to know about federation attacks and how to detect them! https://t.co/TjBVldAThT
medium.com
Which Entra ID (ex-Azure AD) roles allow configuring federated authentication, thus allowing persistence and privilege escalation 💥
Did you know that 97% of Entra logins are non-interactive? #entraid #cybersecurity #techtok #cybertok #entrachat
This series about Azure Arc is really interesting! Many details, a lot of pictures 😊 https://t.co/ytlmDC8j2h
nsideattacklogic.de
Azure Arc is Microsoft’s solution to allow customers to manage on-premises resources (servers and the likes) using Azure Resource Manager, i.e. the Azure
Did you know that changing the "onPremisesSamAccountName" to "MSOL_<>" using the sync API doesn't create any log?🙃 Happy DCSync to you all! https://t.co/ee8b4yKRxP
dirkjanm.io
Many modern enterprises operate in a hybrid environment, where Active Directory is used together with Azure Active Directory. In most cases, identities will be synchronized from the on-premises...
Do people still use Cloud Kerberos trust? I found this amazing talk by @elad_shamir and @hotnops! https://t.co/6CRXTnSEXm