Eric Woodruff | MVP | CIDPRO
@ericonidentity
Security researcher @SemperisTech. Microsoft Security MVP, Entra nerd. Part-time hiker, full-time dad and partner. Opinions expressed are from my cat.
At @WEareTROOPERS I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well. You can read all about it here: #Entra #M365 #infosec semperis.com/blog/noauth-ab…
If you work in, around, near, adjacent, or so on, to #identity, including #infosec and #Entra, you should fill out the #IDPro skills survey. It takes five minutes and really helps in understanding the industry landscape. surveymonkey.com/r/L9QB6T2
Check out this new blog post from @_wald0 discussing the fundamental components & mechanics that enable the emergence of critical Attack Paths in Microsoft's increasingly popular Intune product. ⬇️ ghst.ly/3Cd5cwH
If you consume multi-tenant apps in #EntraID, and they’ve been granted consent to do things in your tenant, you can spy on the auth choices your vendor makes - secrets or certs - in the logs available in your #Entra tenant. #infosec #azure #m365 ericonidentity.com/2025/01/13/spy…
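An added example, not code from the tweet above or from the linked blog post, of the kind of check that post describes: take an export of Entra service principal sign-in events and classify, per vendor app, whether it authenticated with a certificate or a client secret. The record layout (`appId`, `servicePrincipalCredentialKeyId`, `servicePrincipalCredentialThumbprint`, `status.errorCode`) follows the Microsoft Graph service principal sign-in shape as I remember it and the rule "thumbprint present means certificate, key ID only means secret" is an assumption to verify against your own tenant's export; the sample records are constructed.

```python
import json
from collections import Counter

# Constructed sample of service principal sign-in events, one JSON object per
# line. Field names follow the Graph servicePrincipalSignIn layout as assumed
# in the lead-in; check them against a real export before relying on this.
SAMPLE_LOG = """\
{"createdDateTime": "2025-01-10T08:01:12Z", "appId": "11111111-1111-1111-1111-111111111111", "appDisplayName": "Vendor A Sync", "servicePrincipalCredentialKeyId": "9d3c0e2a-0000-0000-0000-000000000001", "servicePrincipalCredentialThumbprint": "", "resourceDisplayName": "Microsoft Graph", "status": {"errorCode": 0}}
{"createdDateTime": "2025-01-10T09:01:12Z", "appId": "11111111-1111-1111-1111-111111111111", "appDisplayName": "Vendor A Sync", "servicePrincipalCredentialKeyId": "9d3c0e2a-0000-0000-0000-000000000001", "servicePrincipalCredentialThumbprint": "", "resourceDisplayName": "Microsoft Graph", "status": {"errorCode": 0}}
{"createdDateTime": "2025-01-10T09:30:00Z", "appId": "22222222-2222-2222-2222-222222222222", "appDisplayName": "Vendor B Backup", "servicePrincipalCredentialKeyId": "5b7f1c44-0000-0000-0000-000000000002", "servicePrincipalCredentialThumbprint": "3F2A9C1E4B7D6A0F8E5C2B1A9D8E7F6C5B4A3D2E", "resourceDisplayName": "Microsoft Graph", "status": {"errorCode": 0}}
{"createdDateTime": "2025-01-10T10:00:00Z", "appId": "33333333-3333-3333-3333-333333333333", "appDisplayName": "Vendor C Portal", "servicePrincipalCredentialKeyId": "", "servicePrincipalCredentialThumbprint": "", "resourceDisplayName": "Microsoft Graph", "status": {"errorCode": 0}}
"""


def load_records(text):
    """Parse JSON-lines export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify_credential(record):
    """Return 'certificate', 'secret' or 'other' for one sign-in event.

    Assumption: a certificate sign-in carries the cert thumbprint, a client
    secret sign-in carries only the credential key ID, and a sign-in with
    neither (for example a federated credential) carries nothing.
    """
    if record.get("servicePrincipalCredentialThumbprint"):
        return "certificate"
    if record.get("servicePrincipalCredentialKeyId"):
        return "secret"
    return "other"


def summarize(records, successful_only=True):
    """Per appId: display name plus a Counter of credential types observed."""
    summary = {}
    for rec in records:
        # Failed sign-ins say nothing reliable about which credential the
        # vendor actually relies on, so drop them by default.
        if successful_only and rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        entry = summary.setdefault(
            rec["appId"],
            {"name": rec.get("appDisplayName", ""), "methods": Counter()},
        )
        entry["methods"][classify_credential(rec)] += 1
    return summary


def apps_using_secrets(summary):
    """Sorted appIds that signed in with a client secret at least once."""
    return sorted(
        app_id for app_id, entry in summary.items() if entry["methods"]["secret"] > 0
    )


if __name__ == "__main__":
    report = summarize(load_records(SAMPLE_LOG))
    for app_id, entry in report.items():
        print(f"{entry['name']} ({app_id}): {dict(entry['methods'])}")
    print("Apps signing in with client secrets:", apps_using_secrets(report))
```

Against the constructed sample this reports Vendor A as secret-only and Vendor B as certificate-only; the third app shows up as "other" because neither field is populated, which is the case you want to look at by hand rather than assume.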
I finished my talk at BHEU! The attack methods and techniques shared in the talk are not a great deal, but I hope this serves as an opportunity to draw attention to the importance of security measures for Intune. Here is the tool released for the talk. github.com/secureworks/py…
New #AADInternals version is finally out now: ▪ Moved endpoint related stuff to new module: AADInternals-Endpoints ▪ Added blue team stuff: Get app consent info, find backdoors, convert SID<>Entra ID Object ID, find abusable dynamic groups ▪ Added red team stuff: Get ESTSAUTH…
Wednesday, December 11th, Trimarc Active Directory Security Assessment Service Lead Jake Hildreth joins the @Antisy_Training crew for a free one-hour #infosec training session on: 🔒 Finding and Fixing AD CS Issues with Locksmith Jake will cover the essentials of Public Key…
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win & Linux with .NET 8.0 >... GitHub: github.com/decoder-it/Krb…
Device-bound #passkeys in #EntraID are finally GA aka.ms/Ignite2024/ent… #AiTM #Security #FIDO2
Curious about the sessions you missed at #RomHack2024 this year? Here you go: @ericonidentity - UnOAuthorized: The discovered path to privilege elevation Find a schedule that works for you and start watching 👉 youtube.com/watch?v=JQOVPA…
For those that *really* miss the old AAD portal: rc-aad.portal.azure.com/#view/Microsof… #Entra #EntraID

Still hard to not laugh when you see things like this in a #Entra tenant 😅

A quick debriefing with @ericonidentity, @kfosaaen, and @Thomas_Live after @HIPConf at @crescentbrew 🍻
En route to #HIPConf24, where I’ll be presenting on #UnOauthorized, as well as joining a panel with @Thomas_Live, @gkirkpatrick, @GGrillen and @shorinsean on workload identities, and having some good hallway conversations. Looking forward to seeing folks! #Entra #infosec

Redmond bound for @MSFTBlueHat, co-presenting with @SecretlyHidden1 “The Two Sides of UnOAuthorized” 😎 It will be my sixth trip out to the PNW - one of my favorite parts of the country to visit, so I’m excited for many reasons!

To those people attending your session that nod along and smile and seem to understand what you’re talking about - 🫡

I propose that @cyberriskall would better serve their speakers if they didn’t give out speaker contact information to vendors. It takes a lot of time to prepare for big conferences… and the payment is “sorry we missed you” spam from vendors 🙄
Created an interactive web version of EntraFIDOFinder now too, as well as updated the module. Made a quick blog post about it, let me know your thoughts. clatent.com/2024/10/entraf… #PowerShell #MicrosoftEntra #Security