DylanInfosec🛡️
@attackthesoc.com
Dad ⚭ Husband
𒉭 Azure Security | IAM | DE&TH
https://attackthesoc.com/
🏋️‍♂️CultoftheIron, Learning 🛹

What stands in the way, becomes the way
Have 4 articles I've been working on here and there for a while now, yet I complete the one I started yesterday... go figure. Idea popped into my head so wrote it out in one go.

attackthesoc.com/posts/detect... - Using KQL to Detect Gaps in your Conditional Access Strategy
Conditional Access Policies serve as the frontline defenders of your Azure resources, but evolving business requirements can introduce unintended gaps. This article explores how to transform your high...
attackthesoc.com
March 23, 2025 at 9:09 PM
Reposted by DylanInfosec🛡️
Becky Burke of Book Island (a picture book publisher in the UK founded by my fellow Tokarczuk translator Greet Pauwelijn) was "detained" by ICE at the Canadian border on 2/28. Her father asked that her story be shared in case someone can help her. He writes:
March 9, 2025 at 5:02 PM
If you work with Application owners you know how fun initializing groups for new SSO apps is. Bulk group member upload makes it easy but app owners tend to only ever provide a big list of emails. Bulk requires UPN or OID so here's a script I always turn to github.com/AttacktheSOC...
Azure-SecOps/Graph/Users/Get-UserObjectIds.ps1 at main · AttacktheSOC/Azure-SecOps
Collection of different Azure/Entra focused solutions (Deployable templates, Function Apps, etc) - AttacktheSOC/Azure-SecOps
github.com
February 19, 2025 at 9:52 PM
On Device Code phishing: Some folks were confused about this so wanted to share here. A generated device code is not tied to a single user. If a shared mailbox or mailbox with other accounts with view rights is hit with a spearphish, investigate all accounts.
February 19, 2025 at 5:22 PM
Reposted by DylanInfosec🛡️
CISA is one of the most important agencies you may not have heard of, partly due to its relative youth, and partly due to the fact that when it does its job—which it has done admirably—it generally does not make headlines.

And now Trump is gutting it.
February 15, 2025 at 1:29 PM
As @ericazelic.bsky.social mentioned all the energy around Device Code abuse is long overdue.
To get more info about how it’s done, these articles are relevant
2020 & 2022 respectively

@drazuread.bsky.social aadinternals.com/post/phishing/

@inversecos www.inversecos.com/2022/12/how-...
Introducing a new phishing technique for compromising Office 365 accounts
The ongoing global phishing campaigns against Microsoft 365 have used various phishing techniques. Currently attackers are utilising forged login sites and OAuth app consents. In this blog, I’ll intr...
aadinternals.com
February 14, 2025 at 11:21 PM
Had this saved in the WIP folder forever
KQL for anti-forensics activities

github.com/AttacktheSOC...

So much can be added to this. Think 3rd party tools to aid anti-forensics, browser forensics... too much to name
OMG, look at this😶updates to come! github.com/MikeHorn-git...
github.com
February 14, 2025 at 10:29 PM
Was asked by a colleague for some help with a Remediation Script and remembered this little number: reg2ps.azurewebsites.net from
@roger_zander
Thank you!

Bookmark it
If using it for Intune, modify the Check Script output. Replace any $false with a 1 and $true with 0
Registry to PowerShell converter
Convert PowerShell scripts into Windows executables.
reg2ps.azurewebsites.net
February 14, 2025 at 10:28 PM
Reposted by DylanInfosec🛡️
Just posted a new entry to my blog! Trying to hunt for a couple of anomalies using MDE. A lot of problems arose, as usual.

#threathunting #mde #defender

threathunt.blog/registry-hun...
Look into couple of suspicious registry activities
threathunt.blog
February 9, 2025 at 12:45 PM
Looking at some of the Aggregated Reporting of the different tables for the past few days (23-28) for a single device. #XDR #Defender
January 28, 2025 at 3:19 PM
Took a trip inside to get a break from the bleak winter weather
January 26, 2025 at 8:32 PM
Reposted by DylanInfosec🛡️
January 26, 2025 at 1:39 PM
Very cool course by the folks at Kopidion LLC on how to look at things from the adversary's perspective.

Thank you for the training!
January 24, 2025 at 10:39 PM
Reposted by DylanInfosec🛡️
I wrote a very timely introduction to digital security for journalists for @gijn.org last fall. This guidance may also apply to activists, lawyers, and anyone else doing at-risk work these days. gijn.org/resource/int...
Introduction to Investigative Journalism: Digital Security
Digital security may seem a little daunting at first, but increased security will help investigative journalists build trust with — and protect — current and future sources.
gijn.org
January 24, 2025 at 4:10 AM
Well... that was an experience, I thought I prepared for everything, just not Teams failing. Dug out an old laptop.
Very big thanks to @cyb3rmik3.bsky.social for inviting me on and to anyone able to stick around and listen, thank you for your patience. I hope you were able to learn something new.
January 23, 2025 at 10:50 PM
Very excited to do my first talk ever tomorrow. Me and public speaking aren’t close friends. Nervous as hell lol but ready and excited
January 23, 2025 at 12:58 AM
Reposted by DylanInfosec🛡️
📢 Don't miss @attackthesoc.com tomorrow talking about deception with MDE!

The Greek Microsoft Security Community is thrilled to host its 3rd meetup tomorrow, featuring an exciting discussion with Dylan.

ℹ️ More info on how to join ⤵️
www.meetup.com/greek-micros...
Greek Microsoft Security Community - 3rd Meetup with Dylan Tenebruso, Thu, Jan 23, 2025, 7:00 PM | Meetup
🇬🇷 We invite you to the first meetup of 2025, and the third overall, of the Greek Microsoft Security Community, which will take place online on the topic "Artifice: Leveragin
www.meetup.com
January 22, 2025 at 7:31 PM
I’m honored and excited to have the opportunity to speak about the powerful deception rules feature in the MDE platform with the Greek Microsoft Security Community. Join us as we explore how to leverage this feature to enhance your detection strategy.

Thank you, @cyb3rmik3.bsky.social !
December 22, 2024 at 8:11 PM
How's everyone's Winter Arc going? What's that flashback scene going to look like?
December 22, 2024 at 7:55 PM
Been playing more with the rpi and arduino.

This time using OpenCV for facial detection and sending the id to rpi to the arduino display.

Next, seeing if the kids want to help hook up some servos, craft a viable hand and get a waving robot hand. Articulation after that
December 21, 2024 at 4:41 PM
Final product:

1) Sideways smiley face (clear skies) : )
2) Cold ass nights
3) kids thinking they’re funny asking for a real raspberry 🥧
December 15, 2024 at 1:24 AM
We took over the table to learn a bit about programming today.

Raspberry Pi hits the OpenWeatherAPI to get the weather forecast and feeds it to the micro

LCD, top line reads datetime
Bottom line summarizes the weather. Max7219 displays an emoji face resultant of the weather
December 15, 2024 at 1:20 AM
Bought my daughter a Procreate license an hour ago… she’s so damn awesome. So proud and excited to see what she makes next. No books or tutorials, just craftin some stuff up
December 13, 2024 at 1:52 AM
Reposted by DylanInfosec🛡️
And just like that, all our #windows devices suddenly got dual enrollment aka LinkedEnrollment. This groundbreaking step toward Declarative Device Management enrollment was triggered by Device Inventory. This new feature also makes use of the MMP-C infra alongside EPM

#msintune #intune
December 7, 2024 at 7:07 PM
Sometimes to get back to my NJ Italian-American roots I call sausage, sawseege. Mozzarella, motz or motzahrell. Vaffanculo, fongool
Alt: a man in a tuxedo is standing in a room and raises his hand with the Italian hand gesture🤌 with the word prego written on the bottom
December 8, 2024 at 2:37 PM