sapir federovsky
@sapirxfed
Doing things @ somewhere cool And then Doing more things at home | failed research blog: https://sapirxfed.com
Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service change some Device attributes 🙂 sapirxfed.com/2025/04/28/exp…
This post is SO GOOD! I knew nothing about easy auth, it's so interesting! And the abuse ideas are so creative! It's not the first time I see how env variables on an app lead to such things (See MI research by NetSpy). Go read it! dazesecurity.io/blog/abusingEa…
OK I know no one uses it, but if you ever wondered exactly how it works, and what dmsa has to do with that, I just posted SSSO small deep dive 🙂 sapirxfed.com/2025/07/23/i-j…
my source of knowledge just became my therapist youtube.com/watch?v=nJ_cUT…
Just saw this post in the last Entra news issue. It's so cool! Very creative and presents some new concepts (at least new to me). It's about using OneDrive write permissions to inject into the ps profile and get some PRTs 😃 labs.reversec.com/posts/2025/07/…
To trigger local SYSTEM authentication for relaying to ADCS or LDAP for LPE you would usually need the printer service or EFS service to be enabled (printerbug/petitpotam). Here is an alternative without this requirement 🤠 github.com/rtecCyberSec/R…
Do you pay for subscription in your private research tenant? (Not work related)
Finally found the time to watch @_sigil's talk from @fwdcloudsec and it's so good! I also tried to add a secret to all the sp in my tenant once 😂 so it was fun to see the results of this research! Thanks Katie! 🙂 youtu.be/oNpwtt1TEkQ?si…
Pretty old mini research I ended up not posting about avoiding GraphAPI when doing some Entra recon :) sapirxfed.com/2025/02/14/pla…
Really cute post with some new ideas + explanations about known methods. It's really well written 🙂 beyondtrust.com/blog/entry/evi…
This talk by @_dirkjan is really good! He talks about OIDC and EAM, and shows a funny backdoor technique to MITM (kinda) EAM MFA, and inject your (roadoidc) signing keys! If you want to learn about EAM/OIDC, watch it! youtube.com/watch?v=eKFgOt…
If JWT is pronounced "jot" then WWW is pronounced "wow". Stop. This. Madness. #JayDubyaTee
My life is about to change very soon, and I'm freaking out 🥴
My favorite talk from yesterday is the talk by @chrispy_sec youtu.be/Vb_MyY3RQn8?t=… He shows how you can enumerate SharePoint sites, without MS Graph! And this cool URL that allows you to download a file and bypass some policies 😁