ChrisPy
@chrispy_sec
Principal Security consultant at Reversec. Love doing some Azure/Entra ID research ☁️ Opinions are my own
This incredible duo of Leonidas Tsaousis (@laripping) & James Henderson are taking the stage at Offensive X to talk about "There and Back Again: An Attacker's Tale of DCs in AWS" #OffensiveX2025 #CyberSecurity #AWS #RedTeam #CloudSecurity #InfoSec #Hacking
Great presentation & next level memes by @LAripping and James Henderson! @TheOffensiveX
consulting.withsecure.com/articles/top-5… Was an interesting experience helping to write this and taking a step back from the usual deep dives. But ngl dealing with my general repetitiveness and trying to fit nuances for three big cloud providers in one article turned out to be a hard task😂
Last talk shout out for @nojonesuk and @_Skybound who talked about how to build a new AWS environment. By consultants for consultants and without any extra external consultants! Worth a check out if you’re interested in some of the challenges we faced youtu.be/rai0bTOamG0
Check out @Thomasbyrne__'s talk as well if you wanna see some more usage of RoadRecon with Microsoft Graph! youtu.be/dTUeAhzmIu8
My talk was published mega quickly as its own video by @fwdcloudsec (thanks btw!) So feel free to check it out if you wanna learn some fun SharePoint research outcomes and learn about a “pre-signed url” equivalent method of accessing SharePoint files! youtu.be/l5lpIF_QZCE
It’s a packed house over at @_sigil talk on Azure Service Principals, a history on backdooring them, and more!
Check out @_sigil's talk on Entra 1st-party service principal abuse currently airing at fwd:cloudsec youtube.com/watch?v=0BTBK3… Deffo a good watch in the current livestream or when the individual talk video drops later on in the channel
Heya got a talk happening later today pretalx.com/fwd-cloudsec-2… where I’m gonna talk about some interesting SharePoint findings! Last one will be particularly interesting to folk 👀 Should be at this live stream youtube.com/live/Vb_MyY3RQ…
Hey @NathanMcNulty gathering some data and wanted to get your thoughts. On the topic of exclusions, what are the best approaches for Conditional Access in Entra and exclusions for endpoints in MDE in the context of a large enterprise? CA policies I'm a fan of Restricted AU sec…
An in-depth look at the recently published EchoLeak vulnerability on M365 Copilot by @Aim_Security_ that could lead to data exfiltration just by sending an email to a user who uses Microsoft Office365 Copilot. youtu.be/Myf1cLsUxsk
I love how when I'm testing CA policies I can just google around a bit and find @NathanMcNulty's detailed guides around some of the issues😂 P.S. Also, pro-tip for people playing with attributes: remember that there is an Attribute assignment AND definition admin role
Filter for apps was introduced late last year that allows us to leverage custom security attributes within Conditional Access policies Very helpful for microservices architectures with constantly changing appIds, but also, apps not shown in the picker 💡 learn.microsoft.com/en-us/entra/id…
I did a thing. Thanks @CloudSecPod for having me!
🚨 New Episode Alert! How do attackers stay under the radar in Azure? 🤔 This week, we dive into lesser-known APIs, detection gaps & how blue teams can stay ahead. 💬 Guest: @chrispy_sec (@WithSecure ) 🎧 Drops today #CloudSecurity #AzureSecurity
This is truly amazing. The Deputy White House Press Secretary is claiming that I'm wrong, and that the "tariff rates" on Trump's chart were calculated by "literally" measuring every country's tariffs and non-tariff trade barriers. To prove it, he screenshots the formula the USTR…
With a process that began two and a half years ago, I'm very excited to announce that I've written a book with @nostarch! 🎉 "Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing. nostarch.com/purple-teaming
Obligatory tactical repost of my talk from @Disobey_fi this year! Hopefully people use this to get inspired and show us some more cool less explored attack surfaces in Entra and Azure youtu.be/iwLaWPisu64?si…
Yo check out my friend James’ talk on protocol confusion attacks Deffo an excellent use of 40 mins if you’re into cool lower-level attacks youtu.be/gcsdrQH0fOQ?si…
Excellent talk from @martinhaller_IT on various attacks against Entra! Would deffo recommend to folk to watch the vid when it gets published by @Disobey_fi
Storm-2372 now device code phishing for PRTs... dirkjanm.io/phishing-for-m… (detection KQL in blog)
Within the past 24 hours, we observed Storm-2372 shifting to using the specific client ID for Microsoft Authentication Broker in the device code sign-in flow of their device code phishing campaign. Get more details from our continuous tracking of this active threat:…
Massive thanks to @DrAzureAD for being able to get one of these cool badges! Coming in early-ish clearly was the right call 😂 Will be playing around with it alongside my bro to get it working (or break it more)
As we heard earlier, there are no @Disobey_fi badges this year. No worries, I'm doing a spring cleaning and will give away some of mine on Friday at Disobey! Some are just blingy-blingy-thingies, some really cool PCBs (like @defcon & @WEareTROOPERS badges). To get one, come say…