Dr. Nestori Syynimaa
@DrAzureAD
Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
#AADInternals Azure AD & Microsoft 365 kill chain shows how different attacker roles can get access to #AzureAD and #Microsoft365. Pro tips: 1. Use MFA! 2. Avoid inviting unnecessary guests 3. Minimize # of Global Admins 4. Protect your on-prem servers o365blog.com/aadkillchain/

At just 13 years old, Dylan Ryan-Zilavy became the youngest security researcher to collaborate with MSRC. What started with Scratch and HTML quickly evolved into submitting impactful vulnerability reports, respectfully challenging scope decisions, and even helping shape MSRC’s…
Updated customer guidance for SharePoint vulnerability CVE-2025-53770
Update on CVE-2025-53770: Microsoft has released a security update for SharePoint Subscription Edition to mitigate active attacks targeting on-premises servers. SharePoint Online is not affected. Customers should apply the update immediately. We are actively working on updates…
I just noticed that the domain enumeration technique with the Autodiscover endpoint is suddenly not working anymore. This is what tools like @DrAzureAD's AADInternals (Get-AADIntTenantDomains) used to allow unauthenticated enumeration of all domains linked to an Entra ID tenant.
Calling all MSRC Identity security researchers! We've dropped new domains into scope. Ready, set, go, hack! msft.it/6012sBFuy
(1/4) Meet @DaveKawula, Principal Consultant at TriCon Elite Consulting, Enterprise Consultant, Technology Evangelist, Best Selling Author & #TechMentor Conference Co-Chair.
Career Village will be hosting online sessions leading up to the BSides Orlando conference. We welcome submissions for the CFP for these online talks. If you have a great career talk, please submit to the CFP! bsorl.org/cfp
Congratulations to all who renewed their Microsoft MVP status for the next year 🎉🔥
Another Monday. Another week of… endless emails, annoying meetings, and oh look, a three-headed monkey behind you! Now that we have your attention, we can unveil the agenda for #RomHack2025 romhack.io/romhack-confer… #infosec #securityconference
Updated to include RomHack! identitysummit.cloud orangecon.nl mcttp.de brucon.org romhack.io blackhat.com/sector/2025/
My Central Europe / Canada tour looks like this, looking forward to seeing excellent presentations and having inspiring discussions 🔥 See you in September! identitysummit.cloud orangecon.nl mcttp.de brucon.org blackhat.com/sector/2025/

#RomHack2025 #cybersecurity training sessions are starting strongly, with Dirk-Jan’s course already fully booked! If you're thinking about joining one of our trainings, now’s the time to plan >> romhack.io/training/ #CyberSecurity #CybersecurityNews
🛰️ Have a talk or workshop idea ready for launch? The BSides Orlando 2025 CFP is now open! Whether you're a first-timer or seasoned spacewalker, we want your submissions. 🚀 Submit your mission: bsorl.org/cfp
CALL FOR CONTRIBUTORS Join our team as a red/blue contributor :) - Challenging, realistic emulations - Hack & forensicate vendor devices - Creative control over your scenario - Small, supportive, and collaborative team - Full credit for your work & payment Your work will be…
Become a contributor at XINTRA @XintraOrg 🔎 We're looking for RED and BLUE team contributors 🔴Red Team – Emulate real APT groups 🔵Blue Team – Investigate & respond to emulations What you get: - Challenging, realistic emulations - Hack & forensicate vendor devices -…
Pretty cool! If you use the tool with a public client and scope from entrascopes.com you can add this to roadtx interactiveauth with the -url parameter to catch the resulting token 😀
Okay folks, you're going to want to bookmark this. Over the weekend I vibe coded a tool I'm calling Microsoft Entra Sign-in URL Builder. This is something I've been wanting to build for some time and inspiration struck. Here's a quick walk through 🧵👇
We just sent out this week's Entra newsletter. Get the latest at entra.news/p/entra-news-1…