Tagged: CyberSecurity


Persistence via App Registration in Entra ID

Cloud Service Principal is the key, abuse the hole, or the misconfiguration. While I’m investigating or attacking the cloud for many components on a daily basis. I find a lot of abuses. Some of them...


Cloud Penetration Testing from the field

Breaking the Cloud via “some service” is every pentester or red reamer mission. While the Blue team, SecOps, and other security teams struggle to minimize the attack surface area, create friction with attackers, and gain...


Be the Purple with Generative AI

If you are interested in artificial intelligence, natural language processing, or cybersecurity, you might have heard of ChatGPT. It is a state-of-the-art language generation model that can produce realistic and coherent text on almost any...

Defender TI 0

Investigation in Defender TI

While investigating an incident, we aim to find the campaign, the attackers, and who is behind the attack – in this situation, Context is Everything. Threat intelligence plays a critical role in many scenarios; an...


Recon Azure AD

Can you monitor or prevent a reconnaissance or enumeration? Especially reconnaissance (recon) on the cloud? Mostly not, and it depends on the recon types. While recon for local (on-premises) resources can be challenging or more...

Defender EASM 0

Defender EASM Glossary

You’ve probably heard about EASM, External Scan Management, Exposure Management, External Attack Surface, and many other interpretations. But the questions are, is this a tool? A capability? Or just the latest buzzword that nobody understands?...

error: Content is Protected !!