Wessel Hissink
@WesSec_
Things I say on Twitter are personal opinions and views. Team Blue | DFIR | Bug bounties | Full time Blood Glucose manager
Mercedes will let you onboard your car in Intune? This is the stupidest thing I've heard this week.
About 5 years too late…
We're investigating an issue where some users may be experiencing issues with Microsoft Teams. Please look for TM1112332 in the admin center for more updates.
I had a small injury in my wrist, so I got an "ergonomic" mouse which forced me to position my hand in a specific way. Result: my keyboard shortcut usage tripled and I barely touch the mouse anymore.
PopOS! is underrated
Some of you need to hear this. Just because @pewdiepie installed Arch Linux doesn't mean you need to. Ubuntu is fine. PopOS! is fantastic. Only go down the Arch path if you have a lot of time on your hands or you want to be better than everyone else. :)
Nice milestone yesterday: got my first paid bounty for a responsible disclosure find. Had hall of fame mentions before, but never received a financial reward. Fun fact: it was for a report from over 2 years ago. I'm not in the game for money, but it still feels like an achievement.
With this KQL query, quickly check if apps with the Mail.Send permission are actually sending mail or if they're overprivileged. gist.github.com/WesSec/ab50caf… Is there a repo combining permissions with Graph endpoints? Could be interesting.
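The check described in the tweet, written out as an added example; this is not the author's gist (which is truncated above) but a query of my own against the MicrosoftGraphActivityLogs table (Entra ID Graph activity logs sent to Log Analytics). The 30-day lookback, the URI pattern for sendMail and the verdict labels are assumptions; the columns Roles, Scopes, RequestMethod, RequestUri, ResponseStatusCode, AppId, ServicePrincipalId and UserId are the table's documented schema.

```kusto
// Added example, not the tweet's gist: which identities whose token carries Mail.Send
// actually call sendMail, and which hold the permission without ever using it?
// Source: MicrosoftGraphActivityLogs (Entra ID diagnostic setting -> Log Analytics).
// Assumptions: 30-day lookback; sendMail is a POST to .../users/{id}/sendMail or .../me/sendMail.
let lookback = 30d;
MicrosoftGraphActivityLogs
| where TimeGenerated > ago(lookback)
// Roles = application permissions in an app-only token, Scopes = delegated permissions
| where Roles has "Mail.Send" or Scopes has "Mail.Send"
| extend IsSendMail = RequestMethod == "POST" and RequestUri has "/sendMail"
| summarize
    TotalRequests   = count(),
    SendMailCalls   = countif(IsSendMail),
    // sendMail answers 202 Accepted on success
    SendMailSuccess = countif(IsSendMail and ResponseStatusCode == 202),
    FirstSeen       = min(TimeGenerated),
    LastSeen        = max(TimeGenerated)
    by AppId, ServicePrincipalId,
       TokenType = iff(isempty(UserId), "app-only", "delegated")
| extend Verdict = case(
    SendMailCalls == 0,   "holds Mail.Send, never sends -> review / remove",
    SendMailSuccess == 0, "attempts sendMail but never succeeds -> investigate",
                          "uses Mail.Send")
| order by SendMailCalls asc, TotalRequests desc
```

Two caveats a practitioner should keep in mind. Roles and Scopes reflect the token of each request: an app-only token lists every application permission granted to the app, but a delegated token only lists the scopes that were requested, so delegated Mail.Send grants can look unused here even when they are used elsewhere. And an app that never called Graph at all in the window does not appear in this table, so the result should be compared against the full list of service principals holding Mail.Send (for example from their appRoleAssignments) rather than treated as complete on its own.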
Friday morning shenanigans, from "why is this feature so slow" to a responsible disclosure email in 60 minutes. Hopefully I'll be able to blog about this one, stay tuned..
"When eM Client is first granted permissions within a tenant, a service principal is created in Entra ID." It's good practice to monitor for all service principal creations, here is a simple KQL query to do so: gist.github.com/WesSec/dea051a… (exclude automated/non user stuff)
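The monitoring the tweet recommends, as an added example that is not the author's gist: a query over the Entra ID AuditLogs table (audit logs sent to Log Analytics) for successful "Add service principal" operations, restricted to creations initiated by a user so that automated, app-initiated creations are excluded as the tweet suggests. The one-day lookback is an assumption; OperationName, Result, InitiatedBy and TargetResources are the table's documented columns.

```kusto
// Added example, not the tweet's gist: every successful service principal creation in Entra ID,
// restricted to creations initiated by a user (consent grants, manual app registrations).
// Source: AuditLogs (Entra ID audit logs -> Log Analytics). The 1d lookback is an assumption.
AuditLogs
| where TimeGenerated > ago(1d)
| where OperationName == "Add service principal" and Result == "success"
| extend InitiatorUpn = tostring(InitiatedBy.user.userPrincipalName),
         InitiatorIp  = tostring(InitiatedBy.user.ipAddress),
         InitiatorApp = tostring(InitiatedBy.app.displayName)
// Drop automated / app-initiated creations (InitiatedBy.app set, no user); keep user-initiated ones.
| where isnotempty(InitiatorUpn)
// The first target resource is the service principal that was created.
| extend SpDisplayName = tostring(TargetResources[0].displayName),
         SpObjectId    = tostring(TargetResources[0].id)
| project TimeGenerated, InitiatorUpn, InitiatorIp, SpDisplayName, SpObjectId, CorrelationId
| order by TimeGenerated desc
```

When a user consents to a third-party app, the creation is logged with InitiatedBy.user populated, which is exactly the case this filter keeps; first-party or provisioning-driven creations carry InitiatedBy.app instead and are dropped. The application (client) ID of the new principal sits in TargetResources[0].modifiedProperties under the displayName "AppId", and the permissions the user granted are in the separate "Consent to application" operation with the same CorrelationId, so the two can be joined to see what the new principal can do.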
And we are live... Enjoy the highly anticipated forensics deep dive on #eMClient invictus-ir.com/news/forensic-…
Do you work with ASR? This is a great little blog post that explains a bit about the inner workings of ASR l--k.uk/2022/03/23/mic…
Today is a good day to check who and what has access to your data. Google: myaccount.google.com/connections Microsoft: account.microsoft.com/privacy/app-ac…
Welcome to the era of the token. In the past, attackers had to breach networks, bypass security controls, escalate privileges, and evade detection just to reach confidential data. Now? A single OAuth authorization - granted with one click - can hand over access to emails, files,…
We need to stop calling everything a critical vulnerability. You're only vulnerable if you have VerifyHostKeyDNS enabled (it's disabled by default and only enabled in specific situations)
🚨 Critical OpenSSH Vulnerabilities – Patch Prioritization KQL to identify all your internet facing OpenSSH servers vulnerable to CVE-2025-26466 and CVE-2025-26465. Get your engineers to prioritize patching these servers to version 9.9p2, which is released today. Shields Up Scotty!
This is a heavily overlooked topic in the field. Protect your tokens
I came across GraphPreConsentExplorer which lets you extract a list of first party apps and their pre-consented permissions 👇 reddit.com/r/entra/commen…