Keanu Nys
@RedByte1337
Offensive Security Lead @ Spotit. Creator of GraphSpy
🚀I'm finally releasing GraphSpy to the public!🕵️ A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments! github.com/RedByte1337/Gr…
I just noticed that the domain enumeration technique with the Autodiscover endpoint is suddenly not working anymore. This is what tools like @DrAzureAD's AADInternals (Get-AADIntTenantDomains) used to allow unauthenticated enumeration of all domains linked to an Entra ID tenant.
Grab a seat for one of @AlteredSecurity's three popular Red Team classes at @BlackHatEvents Azure Attacks Advanced (In-Person) - Break an Azure environment with focus on evasion and opsec. AD Attacks Advanced (Virtual) - Learn to break an enterprise environment with all…
I am very excited to share that I’ve been accepted to speak on one of the main stage tracks at @defcon this August in Las Vegas! 🎉 Can't wait to share this research on one of the biggest stages in the hacking community! 🔥 Let me know if you’ll be at #DEFCON33! #DEFCON
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), and more! blog.badsectorlabs.com/last-week-in-s…
💡Learn how to restrict device code flow in Entra ID! janbakker.tech/how-to-restric…
📧 GraphSpy 1.5.0 is out now and brings a brand new Outlook Graph module! ✅Read emails in any folder ✅Send HTML-formatted emails directly in GraphSpy ✅Access shared mailboxes ✅Search for sensitive information like passwords 🔗Check out GraphSpy here: github.com/RedByte1337/Gr…
Microsoft seems to have recently deprecated the legacy account.activedirectory.windowsazure[.]com endpoint, which GraphSpy was using to list and add MFA methods for a user. GraphSpy 1.4.3 now utilizes the mysignins[.]microsoft[.]com API now (which is also a FOCI resource!)
![RedByte1337's tweet image. Microsoft seems to have recently deprecated the legacy account.activedirectory.windowsazure[.]com endpoint, which GraphSpy was using to list and add MFA methods for a user.
GraphSpy 1.4.3 now utilizes the mysignins[.]microsoft[.]com API now (which is also a FOCI resource!)](https://pbs.twimg.com/media/Gom26cVWoAArWts.png)
![RedByte1337's tweet image. Microsoft seems to have recently deprecated the legacy account.activedirectory.windowsazure[.]com endpoint, which GraphSpy was using to list and add MFA methods for a user.
GraphSpy 1.4.3 now utilizes the mysignins[.]microsoft[.]com API now (which is also a FOCI resource!)](https://pbs.twimg.com/media/Gom3RboWQAA5-or.jpg)
I just published this week's Entra newsletter! Featuring @12Knocksinna, @alitajran, @Christian_Frohn, @Ciraltos, @DanielatOCN, @mariussmellum, @NTFAQGuy, @Shehanperera85, @RedByte1337, @TheImmaturedad, @fabian_bader, @Thomas_Live, @cbrhh Read at ➡️ entra.news/p/entra-news-8…
GraphSpy just hit 600 stars on GitHub after releasing version 1.4!✨ This version introduces the new Entra ID module, better loading animations, and JSON syntax highlighting. Check it out here: github.com/RedByte1337/Gr…
Defenders use cross-origin requests through CSS url() or injected JS to leak your phishing URL in the HTTP Referer header. Today, I've been reminded about the excellent post by Keanu Nys @RedByte1337, which contains a lot of great evasion ideas! insights.spotit.be/2024/06/03/cli…
Last week to register in the Azure Red Team Expert bootcamp from @AlteredSecurity! Join me during the 4 live sessions in October to level up your Azure Red Teaming skills. alteredsecurity.com/carte-bootcamp
Enrollment is open for October 2024 batches for three of @AlteredSecurity's popular bootcamps. Learn on-prem and Azure red teaming with us. Join @RedByte1337 and me for these hands-on live classes. alteredsecurity.com/bootcamps #RedTeam #Pentesting #Azure