@sapirxfed.bsky.social
Security researcher.
I have a blog: https://sapirxfed.com
I have a blog: https://sapirxfed.com
Reposted
Enhancements in #MicrosoftEntra (diagnostic) logs: Several interesting sign-in properties (including Session ID, status for Token Protection, or GSA traffic) have been added to the sign-in logs and available in #MicrosoftSentinel. (1/3)
February 11, 2025 at 5:31 PM
Enhancements in #MicrosoftEntra (diagnostic) logs: Several interesting sign-in properties (including Session ID, status for Token Protection, or GSA traffic) have been added to the sign-in logs and available in #MicrosoftSentinel. (1/3)
Some first-party apps that support ROPC flow, I see some FOCI apps in there 🫣
(I tested it!)
(I tested it!)
February 11, 2025 at 7:58 PM
Some first-party apps that support ROPC flow, I see some FOCI apps in there 🫣
(I tested it!)
(I tested it!)
Can someone explain what scenario can cause password failure log in non-interactive sign-in logs? 😥 @merill.net @fabian.bader.cloud
February 11, 2025 at 6:06 PM
Can someone explain what scenario can cause password failure log in non-interactive sign-in logs? 😥 @merill.net @fabian.bader.cloud
Want to avoid microsoft graph activity log detection? Just create all your requests as $batch
And you're done 😋
And you're done 😋
a pixelated image of a little girl in a red jacket looking up
ALT: a pixelated image of a little girl in a red jacket looking up
media.tenor.com
February 10, 2025 at 4:55 PM
Want to avoid microsoft graph activity log detection? Just create all your requests as $batch
And you're done 😋
And you're done 😋
I just found out that Project Zero has released a Windows Registry Research Series, and I'm really looking forward to reading it!
googleprojectzero.blogspot.com/2024/04/the-wi…
googleprojectzero.blogspot.com/2024/04/the-wi…
a close up of a cartoon bunny with the word wow written on it
ALT: a close up of a cartoon bunny with the word wow written on it
media.tenor.com
February 9, 2025 at 8:50 PM
I just found out that Project Zero has released a Windows Registry Research Series, and I'm really looking forward to reading it!
googleprojectzero.blogspot.com/2024/04/the-wi…
googleprojectzero.blogspot.com/2024/04/the-wi…
Omg I just realized all the good stuff happens here! It's like heaven of blog posts !!!
an animated image of elsa from frozen 2 says i am ready
ALT: an animated image of elsa from frozen 2 says i am ready
media.tenor.com
February 4, 2025 at 5:57 AM
Omg I just realized all the good stuff happens here! It's like heaven of blog posts !!!
That looks like a good one to read
Passkeys Authentication Across Platforms and Devices using Entra ID by Farooque Mohammad https://techcommunity.microsoft.com/discussions/CoreInfrastructureandSecurityBlog/passkeys-authentication-across-platforms-and-devices-using-entra-id/4361075?utm_source=bluesky&utm_medium=social&utm_campaign=az…
Passkeys Authentication Across Platforms and Devices using Entra ID | Microsoft Community Hub
Hello Everyone, In this blog, we will explore passkeys, a phishing-resistant, Passwordless authentication method based on the Fast Identity Online (FIDO2)...
techcommunity.microsoft.com
January 14, 2025 at 8:56 AM
That looks like a good one to read
I really enjoyed reading parts 1 and 2 of this series!🤩💪
www.edtechirl.com/p/gaining-in...
www.edtechirl.com/p/gaining-in...
Gaining Initial Access Part 1: How Do Attackers Find People to Target?
A look at how to enumerate users accounts in a M365 tenant
www.edtechirl.com
November 27, 2024 at 8:57 AM
I really enjoyed reading parts 1 and 2 of this series!🤩💪
www.edtechirl.com/p/gaining-in...
www.edtechirl.com/p/gaining-in...
Hybrid attack paths sound like a crazy capability!! I love correlating stuff 😂
Microsoft Security Exposure Management is now GA with some neat features
Attack Path Analysis with support for
◻️DACL
◻️Hybrid Attack Paths
and also #uRBAC support
#Ignite #XDR
https://buff.ly/3ZeN91K
Attack Path Analysis with support for
◻️DACL
◻️Hybrid Attack Paths
and also #uRBAC support
#Ignite #XDR
https://buff.ly/3ZeN91K
November 26, 2024 at 4:32 AM
Hybrid attack paths sound like a crazy capability!! I love correlating stuff 😂
Waiting for today's entra news so bad, I can't find anything to read 🥲
a little girl is standing in front of a mirror with her fist in the air and says `` can 't wait ! ''
ALT: a little girl is standing in front of a mirror with her fist in the air and says `` can 't wait ! ''
media.tenor.com
November 24, 2024 at 8:50 AM
Waiting for today's entra news so bad, I can't find anything to read 🥲
Currently working on a cool automation that sends you a message every time something is added to version v1.0 in the changelog. Would anyone be interested in the code?
a cat wearing glasses and a tie is laying in front of a laptop .
ALT: a cat wearing glasses and a tie is laying in front of a laptop .
media.tenor.com
November 24, 2024 at 8:27 AM
Currently working on a cool automation that sends you a message every time something is added to version v1.0 in the changelog. Would anyone be interested in the code?
I just read that security defaults become disable as soon as there is at least one CAP, is this wise? In practice it can be a very specific CAP, for which many security mechanisms are lost
November 20, 2024 at 12:14 PM
I just read that security defaults become disable as soon as there is at least one CAP, is this wise? In practice it can be a very specific CAP, for which many security mechanisms are lost
Copilot is now part of Entra, and I wonder.
1. How does it handle permissions
2. Can we get access to data we are not supposed to be able to read
3. Does it also perform write/update actions for you, or only read?
This is going to be interesting 💣
1. How does it handle permissions
2. Can we get access to data we are not supposed to be able to read
3. Does it also perform write/update actions for you, or only read?
This is going to be interesting 💣
TLDR; Ignite 2024 👇
Entra 💛 ❤️💚💜 Security Copilot
Here's the day one wrap up of all the exciting Entra news.
Day 1 was all about Microsoft Security Copilot for Entra.
Bookmark ➕ Like ➕ Repost 🙏
Entra 💛 ❤️💚💜 Security Copilot
Here's the day one wrap up of all the exciting Entra news.
Day 1 was all about Microsoft Security Copilot for Entra.
Bookmark ➕ Like ➕ Repost 🙏
November 20, 2024 at 7:12 AM
Copilot is now part of Entra, and I wonder.
1. How does it handle permissions
2. Can we get access to data we are not supposed to be able to read
3. Does it also perform write/update actions for you, or only read?
This is going to be interesting 💣
1. How does it handle permissions
2. Can we get access to data we are not supposed to be able to read
3. Does it also perform write/update actions for you, or only read?
This is going to be interesting 💣
So true !!
Did you know that self-service password reset (#SSPR) is enabled by default for privileged users and does not respect the SSPR settings in Microsoft Entra portal?
November 18, 2024 at 12:12 PM
So true !!
Do you know if there is a large amount of entra sign-in logs example data so I can work on it? I have a cool idea 🙂
November 18, 2024 at 5:12 AM
Do you know if there is a large amount of entra sign-in logs example data so I can work on it? I have a cool idea 🙂
Perfect rainy morning and the new entra.news (: it's like my dad used to read the paper, but instead of wars, I read about the great new CAE video 😜
November 18, 2024 at 5:11 AM
Perfect rainy morning and the new entra.news (: it's like my dad used to read the paper, but instead of wars, I read about the great new CAE video 😜
I love it here. It feels more pure 🙂
November 17, 2024 at 5:50 PM
I love it here. It feels more pure 🙂
Saturday study session 🙃 any good reading materials?
November 16, 2024 at 7:02 PM
Saturday study session 🙃 any good reading materials?
Wrote a small post sharing my random thoughts on some key sign-in fields!🙃 if you're into security logs and detection ideas- you might enjoy it! More rambling to come! 👀
sapirxfed.com/2024/11/14/e...
sapirxfed.com/2024/11/14/e...
Entra Sign-In logs hidden gems
This short post is here to raise awareness about some super useful fields in the sign-in logs. We all know how essential these logs are—if you want to get things done in the cloud, it usually start…
sapirxfed.com
November 14, 2024 at 9:40 AM
Wrote a small post sharing my random thoughts on some key sign-in fields!🙃 if you're into security logs and detection ideas- you might enjoy it! More rambling to come! 👀
sapirxfed.com/2024/11/14/e...
sapirxfed.com/2024/11/14/e...
I have a day off of work today. So, I'm writing a short post for my blog!
a cartoon cat is making a funny face and saying `` yay '' .
ALT: a cartoon cat is making a funny face and saying `` yay '' .
media.tenor.com
November 14, 2024 at 5:19 AM
I have a day off of work today. So, I'm writing a short post for my blog!
No more depression posts on this social media platform! I'm a new, optimistic person!
a cartoon penguin wearing a blue jacket and sunglasses
ALT: a cartoon penguin wearing a blue jacket and sunglasses
media.tenor.com
November 13, 2024 at 7:49 PM
No more depression posts on this social media platform! I'm a new, optimistic person!
Let's create a discussion about #Entra device id in the Sign in logs. For me, it's completely voodoo. One time, my registered device id was PIO, and the next time, it was just exposed there.
a rabbit from the secret life of pets is making a funny face and saying heh .
ALT: a rabbit from the secret life of pets is making a funny face and saying heh .
media.tenor.com
November 13, 2024 at 7:47 PM
Let's create a discussion about #Entra device id in the Sign in logs. For me, it's completely voodoo. One time, my registered device id was PIO, and the next time, it was just exposed there.
One day, you are nothing, and the next day, you are #AADInternals contributer 😎
November 13, 2024 at 7:44 PM
One day, you are nothing, and the next day, you are #AADInternals contributer 😎
OK, I'm here. Now what ? @xpnsec.com 🙈
November 13, 2024 at 7:12 PM
OK, I'm here. Now what ? @xpnsec.com 🙈