Geoff Lee
@gklee.uk
Absolutely chilling. Thanks for this research. Hopefully some soul-searching happening at Microsoft to figure out how this was allowed to persist for so long.
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 20, 2025 at 3:47 PM
#cyanotype on cotton, my first attempt. I'm really surprised at how well the solution works on this fabric - it seems quite colourfast, too.
September 6, 2025 at 7:05 PM
Spectacular ad placement under Edith Pritchett's typically excellent cartoon in @theguardian.com today.
June 7, 2025 at 4:44 PM
Hmm. This might have actually benefited from an AI copy-edit. Glad to hear humans will 'keep staying in the loop', whatever that means... #azure
June 4, 2025 at 5:41 PM
May 14, 2025 at 6:16 AM
Reposted by Geoff Lee
Quickest way to reliably find business logic flaws is to change your mindset:

You're not looking for bugs, you're hunting for assumptions.

Somewhere out there, a dev assumed no one would ever do *that*. So be the first person to do it.

#bugbountytips #cybersecurity
May 11, 2025 at 5:00 PM
Spectacular #dumyat hill race tonight in #stirling. Thanks to everyone involved!
May 7, 2025 at 8:06 PM
If you're in the market for a used laptop, you could do a lot worse than a Dell Latitude 7290. 16GB RAM, 256SSD, Thunderbolt 3 for well under £200. Runs Win 11 nicely, if that's your thing.
April 15, 2025 at 4:57 PM
Great day of First Responder training yesterday with @nccgroupinfosec.bsky.social This should be mandatory for IT professionals. #infosec #cybersecurity
April 3, 2025 at 5:14 AM
This analogy really... unzips the problem. Next let's look at the effect of regular flushing on queue length 😂
It's widely known that sharing a queue across multiple servers, rather than queue-per-server, often helps reduce latency and improve utilization. But when is one queue better? In my new blog post, I look at one case: different classes of work. Read it here: brooker.co.za/blog/2025/03...
March 31, 2025 at 6:09 AM
50Kg radiator fell off the wall this week. Turns out it was held on with 4 of these. I don't think they even went through the plaster... #diynightmare
March 29, 2025 at 1:45 PM
I can't put my finger on it, but I'm finding the prose style of the most recent Claude Sonnet is significantly less clunky and 'AI-seeming' than other models. From Simon's examples here I'd say this includes GPT-4.5. I just find Claude's output more readable (I also prefer its pelicans :)
February 28, 2025 at 10:02 PM
It's nice when something that intuitively-should-work-but-probably-won't, actually does gklee.hashnode.dev/upgrading-a-...
Upgrading a Terraform-managed MySQL Flexible Server
Azure offers the option to in-place upgrade an instance of Azure Database for MySQL Flexible Server (its managed MySQL-as-a-Service offering) from major version 5 to 8. Pretty handy. My MySQL flexible...
gklee.hashnode.dev
February 28, 2025 at 6:39 PM
February 16, 2025 at 7:29 AM
Has @cunkonlife.bsky.social tried interviewing ChatGPT?
February 8, 2025 at 10:17 AM