Yassine El
@yassine-e.bsky.social
#PowerShell
#Security #DevSecOps
#Security #DevSecOps
Reposted by Yassine El
Get ready, folks. 🌟
You’re about to witness ONE. BIG. BEAUTIFUL. ABSURDLY. EPIC. THREAD. 🧵🔥
Some say this might be the MOST EPIC and MOST RIDICULOUSLY LONG identity thread ever written
📗 Bookmark this
Honestly… the cover image alone deserves a like + retweet
DO IT 😂
You’re about to witness ONE. BIG. BEAUTIFUL. ABSURDLY. EPIC. THREAD. 🧵🔥
Some say this might be the MOST EPIC and MOST RIDICULOUSLY LONG identity thread ever written
📗 Bookmark this
Honestly… the cover image alone deserves a like + retweet
DO IT 😂
November 19, 2025 at 3:20 PM
Get ready, folks. 🌟
You’re about to witness ONE. BIG. BEAUTIFUL. ABSURDLY. EPIC. THREAD. 🧵🔥
Some say this might be the MOST EPIC and MOST RIDICULOUSLY LONG identity thread ever written
📗 Bookmark this
Honestly… the cover image alone deserves a like + retweet
DO IT 😂
You’re about to witness ONE. BIG. BEAUTIFUL. ABSURDLY. EPIC. THREAD. 🧵🔥
Some say this might be the MOST EPIC and MOST RIDICULOUSLY LONG identity thread ever written
📗 Bookmark this
Honestly… the cover image alone deserves a like + retweet
DO IT 😂
Reposted by Yassine El
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 17, 2025 at 1:20 PM
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
Reposted by Yassine El
I love passkeys in Microsoft Authenticator, but rolling them out with Compliance and/or App Protection Policies has not been as easy as it should be...
But I have good news - we can create a better experience without introducing significant gaps :)
But I have good news - we can create a better experience without introducing significant gaps :)
Improving passkey registration experiences
Lets see what we can do about minimizing passkey deployment issues with Compliance and App Protection Policy requirements :)
nathanmcnulty.com
September 10, 2025 at 2:50 AM
I love passkeys in Microsoft Authenticator, but rolling them out with Compliance and/or App Protection Policies has not been as easy as it should be...
But I have good news - we can create a better experience without introducing significant gaps :)
But I have good news - we can create a better experience without introducing significant gaps :)
Reposted by Yassine El
Folks, bookmark this 👇
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
August 6, 2025 at 12:38 AM
Folks, bookmark this 👇
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
Reposted by Yassine El
The NIH’s 2024 budget of just under $37B generated $95B in economic activity in 2024 alone. 99.4% of new pharmaceuticals approved from 2010-2019 came from NIH-funded research. I’m hard pressed to think of anything that generates as much direct economic benefit as our NIH did before they destroyed it
TAPPER: 14 Republicans say you're risking undermining critical research by holding up NIH funding
VOUGHT: If they were a company, their stock price would in shambles. They in some respects caused the pandemic. You have an entire institute that does nothing more than DEI research at the NIH.
VOUGHT: If they were a company, their stock price would in shambles. They in some respects caused the pandemic. You have an entire institute that does nothing more than DEI research at the NIH.
July 27, 2025 at 10:49 PM
The NIH’s 2024 budget of just under $37B generated $95B in economic activity in 2024 alone. 99.4% of new pharmaceuticals approved from 2010-2019 came from NIH-funded research. I’m hard pressed to think of anything that generates as much direct economic benefit as our NIH did before they destroyed it
Reposted by Yassine El
This looks like an awesome free tool from Microsoft to help guide an organization through a zero trust assessment, and to help keep track of your progress. #cybersecurity
From: @merill
https://infosec.exchange/@merill/114828836541804825
From: @merill
https://infosec.exchange/@merill/114828836541804825
Merill Fernando :verified: :donor: (@merill@infosec.exchange)
Attached: 1 image Microsoft just dropped a banger spreadsheet to help you level up your security! 🚀 It's a FREE Zero Trust assessment tool with a clear roadmap covering SIX key pillars. Let's break it down! 👇 👥 Identity 📱 Devices 📊 Data 🌐 Network 🏗️ Infrastructure 🕵️♀️ Security Operations
infosec.exchange
July 10, 2025 at 1:00 PM
This looks like an awesome free tool from Microsoft to help guide an organization through a zero trust assessment, and to help keep track of your progress. #cybersecurity
From: @merill
https://infosec.exchange/@merill/114828836541804825
From: @merill
https://infosec.exchange/@merill/114828836541804825
Reposted by Yassine El
🔥 OBAMA: “IMAGINE IF I HAD DONE ANY OF THIS… I say this not on a partisan basis. This has to do with something more precious — who are we as a country, and what values do we stand for?” 🇺🇸
April 4, 2025 at 11:55 PM
🔥 OBAMA: “IMAGINE IF I HAD DONE ANY OF THIS… I say this not on a partisan basis. This has to do with something more precious — who are we as a country, and what values do we stand for?” 🇺🇸
Reposted by Yassine El
Threat hunters rejoice! This is HUUUGE news 👏
Microsoft just introduced linkable identifiers in Microsoft Entra ID logs.
The bad guys 🥷 are going to hate this so much 😂
Learn more at learn.microsoft.com/...
Share the good news 👍
Microsoft just introduced linkable identifiers in Microsoft Entra ID logs.
The bad guys 🥷 are going to hate this so much 😂
Learn more at learn.microsoft.com/...
Share the good news 👍
April 1, 2025 at 3:55 AM
Threat hunters rejoice! This is HUUUGE news 👏
Microsoft just introduced linkable identifiers in Microsoft Entra ID logs.
The bad guys 🥷 are going to hate this so much 😂
Learn more at learn.microsoft.com/...
Share the good news 👍
Microsoft just introduced linkable identifiers in Microsoft Entra ID logs.
The bad guys 🥷 are going to hate this so much 😂
Learn more at learn.microsoft.com/...
Share the good news 👍
Reposted by Yassine El
"18F was explicitly designed to serve as an in-house consultancy that would allow federal agencies to leverage private-sector expertise. As part of DOGE’s sweep, however, it has gutted the group, putting a pause on several ongoing projects to make government services more efficient for users."
‘It’s a Heist’: Real Federal Auditors Are Horrified by DOGE
WIRED talked to actual federal auditors about how government auditing works—and how DOGE is doing the opposite.
www.wired.com
March 24, 2025 at 4:11 AM
"18F was explicitly designed to serve as an in-house consultancy that would allow federal agencies to leverage private-sector expertise. As part of DOGE’s sweep, however, it has gutted the group, putting a pause on several ongoing projects to make government services more efficient for users."
Reposted by Yassine El
Israel Ranked 8th Happiest Country
theonion.com/israel-...
theonion.com/israel-...
March 21, 2025 at 11:00 PM
Israel Ranked 8th Happiest Country
theonion.com/israel-...
theonion.com/israel-...
Reposted by Yassine El
Folks, if you're in IT and don't fit the classic stereotype of white, middle-class guy, you might be eligible for a year's access to the O'Reilly learning platform for free (highly recommended - I use it all the time to dive into tech books). Apply here:
www.oreilly.com/diversity/sc...
www.oreilly.com/diversity/sc...
DEI Scholarship Program - O'Reilly Media
To help members of groups underrepresented in technology develop and sharpen the skills needed to break through barriers within the field, we're offering 500 annual scholarships giving recipients full...
www.oreilly.com
March 19, 2025 at 2:11 PM
Folks, if you're in IT and don't fit the classic stereotype of white, middle-class guy, you might be eligible for a year's access to the O'Reilly learning platform for free (highly recommended - I use it all the time to dive into tech books). Apply here:
www.oreilly.com/diversity/sc...
www.oreilly.com/diversity/sc...
Reposted by Yassine El
As the Gaza body count increases, I wonder how all these supposed 'leftists' & self-styled 'contrarians' who berated me for not applauding Trump for bringing about a 'ceasefire' and 'peace' feel today.
Like fools, I hope.
Because they are indeed fools: they believed Trump.
Like fools, I hope.
Because they are indeed fools: they believed Trump.
March 18, 2025 at 7:51 PM
As the Gaza body count increases, I wonder how all these supposed 'leftists' & self-styled 'contrarians' who berated me for not applauding Trump for bringing about a 'ceasefire' and 'peace' feel today.
Like fools, I hope.
Because they are indeed fools: they believed Trump.
Like fools, I hope.
Because they are indeed fools: they believed Trump.
Reposted by Yassine El
I know the What-If API has been here for a while, but I haven't seen it documented yet.
Anyway, in case it's helpful to anyone, you can do What-If analysis via API ;)
Invoke-MgGraphRequest -Method POST -Uri '/beta/identity/conditionalAccess/analyze' -Body $body
Anyway, in case it's helpful to anyone, you can do What-If analysis via API ;)
Invoke-MgGraphRequest -Method POST -Uri '/beta/identity/conditionalAccess/analyze' -Body $body
March 14, 2025 at 1:11 AM
I know the What-If API has been here for a while, but I haven't seen it documented yet.
Anyway, in case it's helpful to anyone, you can do What-If analysis via API ;)
Invoke-MgGraphRequest -Method POST -Uri '/beta/identity/conditionalAccess/analyze' -Body $body
Anyway, in case it's helpful to anyone, you can do What-If analysis via API ;)
Invoke-MgGraphRequest -Method POST -Uri '/beta/identity/conditionalAccess/analyze' -Body $body
Reposted by Yassine El
Level Up Your App Governance With MDA Workshop Series techcommunity.micros...
#MicrosoftDefender #DefenderforCloud #Security #MicrosoftSecurity #Cybersecurity #DefenderXDR #MicrosoftThreatIntelligence
#MicrosoftDefender #DefenderforCloud #Security #MicrosoftSecurity #Cybersecurity #DefenderXDR #MicrosoftThreatIntelligence
Level Up Your App Governance With MDA Workshop Series | Microsoft Community Hub
Over the past two years, there has been a significant increase in nation-state attacks leveraging OAuth apps. These attacks often serve as entry points for...
techcommunity.microsoft.com
March 13, 2025 at 5:30 PM
Level Up Your App Governance With MDA Workshop Series techcommunity.micros...
#MicrosoftDefender #DefenderforCloud #Security #MicrosoftSecurity #Cybersecurity #DefenderXDR #MicrosoftThreatIntelligence
#MicrosoftDefender #DefenderforCloud #Security #MicrosoftSecurity #Cybersecurity #DefenderXDR #MicrosoftThreatIntelligence
Reposted by Yassine El
This is what happens when 18F goes away: beta.weather.gov has been deactivated, “due to the loss of critical federal staff, which leaves this project without the resources to continue its development or for routine monitoring and maintenance.”
18f.org/projects/#:~...
18f.org/projects/#:~...
March 13, 2025 at 10:19 PM
This is what happens when 18F goes away: beta.weather.gov has been deactivated, “due to the loss of critical federal staff, which leaves this project without the resources to continue its development or for routine monitoring and maintenance.”
18f.org/projects/#:~...
18f.org/projects/#:~...
Reposted by Yassine El
There it is: Speaker of the House says Elon has already started running your Social Security through his AI.
Mike Johnson on Elon Musk: "We meet late into the night in his office and we've looked at that. What he's finding with his algorithms crawling through the data of Social Security system is enormous amounts of fraud, waste, and abuse."
March 2, 2025 at 6:00 PM
There it is: Speaker of the House says Elon has already started running your Social Security through his AI.
Reposted by Yassine El
18F was doing exactly the type of work that DOGE claims to want – yet we were eliminated shortly after midnight. Read our letter to the American people:
18f.org
18f.org
We're not done yet | 18F
18f.org
March 1, 2025 at 11:38 PM
18F was doing exactly the type of work that DOGE claims to want – yet we were eliminated shortly after midnight. Read our letter to the American people:
18f.org
18f.org
Reposted by Yassine El
The derogatory term “rubio” now has three meanings in American slang:
1) A spineless lump of nothing
2) The piece of shit you scrape off the bottom of your shoe
3) A person with no scruples or sense of morality
Example: “Don’t be such a fucking rubio — just think of what your mother would say.”
1) A spineless lump of nothing
2) The piece of shit you scrape off the bottom of your shoe
3) A person with no scruples or sense of morality
Example: “Don’t be such a fucking rubio — just think of what your mother would say.”
As of today, a new term has entered our language. A “rubio” is a spineless lump of nothing. Example: Don’t be such a rubio.
March 1, 2025 at 5:10 AM
The derogatory term “rubio” now has three meanings in American slang:
1) A spineless lump of nothing
2) The piece of shit you scrape off the bottom of your shoe
3) A person with no scruples or sense of morality
Example: “Don’t be such a fucking rubio — just think of what your mother would say.”
1) A spineless lump of nothing
2) The piece of shit you scrape off the bottom of your shoe
3) A person with no scruples or sense of morality
Example: “Don’t be such a fucking rubio — just think of what your mother would say.”
Reposted by Yassine El
PLEASE RP: Windows Server 2025 Delegated Managed Service Accounts
Delegated Managed Service Accounts (dMSA) are a new type of managed service account introduced in Windows Server 2025. They offer several advantages over traditional service accounts and Group Managed Service Accounts (gMSA).
Delegated Managed Service Accounts (dMSA) are a new type of managed service account introduced in Windows Server 2025. They offer several advantages over traditional service accounts and Group Managed Service Accounts (gMSA).
February 27, 2025 at 6:07 PM
PLEASE RP: Windows Server 2025 Delegated Managed Service Accounts
Delegated Managed Service Accounts (dMSA) are a new type of managed service account introduced in Windows Server 2025. They offer several advantages over traditional service accounts and Group Managed Service Accounts (gMSA).
Delegated Managed Service Accounts (dMSA) are a new type of managed service account introduced in Windows Server 2025. They offer several advantages over traditional service accounts and Group Managed Service Accounts (gMSA).
Reposted by Yassine El
The world’s richest man appears to be dismantling the government with an eye toward consolidating power and punishing his political enemies, Charlie Warzel writes. Will it work? theatln.tc/zoCxaorI
February 8, 2025 at 7:35 PM
The world’s richest man appears to be dismantling the government with an eye toward consolidating power and punishing his political enemies, Charlie Warzel writes. Will it work? theatln.tc/zoCxaorI