Dr. Nestori Syynimaa

#AADInternals Azure AD & Microsoft 365 kill chain shows how different attacker roles can get access to #AzureAD and #Microsoft365. Pro tips: 1. Use MFA! 2. Avoid inviting unnecessary guests 3. Minimize # of Global Admins 4. Protect your on-prem servers o365blog.com/aadkillchain/

@_dirkjan @rotarydrone

It appears that Microsoft removed the discovery of all domains in a tenant through ACS, a technique that I shared at my BH/DC talks last summer (though probably not many people spotted the reference). I found it out during a live demo of course 🙃

@Earl553 @Enno_Insinuator @pinkflawd @WEareTROOPERS @ChadBrigance @_Sn0rkY @theevilbit Thank god there are still few months to go..

@Enno_Insinuator @pinkflawd @DrAzureAD @WEareTROOPERS @ChadBrigance @_Sn0rkY @theevilbit Still on it

139 days until the @WEareTROOPERS #TROOPERS26 #10K 🏃🏃🏻‍♀️🏃🏾‍♂️= 139 days to get back into shape 😀. #startingtoday cc @pinkflawd @ChadBrigance @_Sn0rkY @theevilbit @onkelenzo @Schtrudel @Earl553

If you are in the UK we are looking for a principal security researcher to join the team. If you have a threat hunting or incident response background, especially if you deeply understand Entra and other Azure technologies, this may be the role for you apply.careers.microsoft.com/careers/job/19…

This is the difference between water and beer

🤣🏂🏂☃️❄️❄️❄️🛜🛜🛜🛜🛜🛜 LinkedIn would have a fucking meltdown ❄️❄️❄️❄️❄️❄️🤣🤣🤣🤣🤣

The next public edition of my "Offensive Entra ID" course will take place from June 8th to 11th in The Hague! Tickets are now available via events.outsidersecurity.nl/entra-26-07/. Last time the tickets sold out in a few weeks, so don't wait too long if you want to secure a spot.

🔥 @Disobey_fi recordings are out now! youtube.com/playlist?list=…

The recording of my @Disobey_fi talk was published just now. youtu.be/DQ4dnXibaoM

@ddrroohhaann All I know that it's usually soon after the conference, so should be available in early June.

@DrAzureAD Huge Congrats 🎉 Looks like a very relevant piece for the blue team side of the house. As a SOC engineer who deals with a lot of these tools daily, I’d love to read it once it’s out any ETA on when it’ll appear on scitepress.org ?

Got some great news last week! My research paper titled "Inside Hackers' Mind: A Qualitative Study of Offensive Security Tool Developers" was accepted to be presented at the iceis.scitevents.org conference at the end of May 🎉 This is (hopefully) the last paper of my PhD dissertation in @uniofjyvaskyla. Thanks to all the hackers who participated in the interviews; the world will now have a better understanding of the great minds behind the offensive tools used daily by thousands!

@SapperJaeger It will be available at scitepress.org after the conference

@DrAzureAD Can you share? Has a DOI or in Arxiv?

@gzobraJn It will be available at scitepress.org after the conference

@DrAzureAD If it becomes publicly available, it should be a real pleasure to read it.

@reprise_99 That would have been interesting 😂

@DrAzureAD Did you interview yourself for this?

Abstract Offensive Security Tools (OSTs) are widely used in the cybersecurity industry by both defenders and attackers. Due to potential negative consequences, the ethicality of publishing OSTs is widely debated. OSTs are often published by so-called White Hat hackers, who generally aim to do good. This raises the question: why publish something that can be used to cause harm? In this qualitative research, we seek to understand the background, motivation, and ethical views of OST developers. For this purpose, ten well-known OST developers were interviewed. The findings show that OST developers do carefully consider ethical issues when developing and publishing their tools. They are motivated by non-financial factors, such as making the world a safer place. Finally, OSTs seem to have a strong positive professional consequences to their developers.

manual DHCP

My bag mascot got a new friend from down under. Thanks @merill!

Skipped øl og rød pølse at #ELDK26 and went for a mandatory run in the new city. Thanks for (a bit icy) route tip @Jonas_B_K!

Recording available here: youtu.be/6MoV7SEEkJg

@SamErde Not there yet! I'll put aside a sticker for your new laptop.

@DrAzureAD Nice! Who won the challenge? My laptop with the old sparkly AADInternals sticker just got returned to its corporate owner so hopefully I’ll catch up with you someday for a sticker on my new hardware! 😀

Getting ready for #ELDK2026! I've got some #AADInternals stickers, just come and say hi to get one. The first one will also get a rare challenge 🪙!

@stokfredrik World is full of *icks and haters, don't worry about them. 🫵 rock 🤟😎 and your content is 💎 !

Comments are back on. A few years ago I wasn’t feeling to good about the comments on my videos, I wasn’t feeling good at all tbh, Some comments became harsh and personal for no reason other that trolling, or being asshats. So I turned them off, all of em. I sucked since I used to love spending time in the comments, But I wasn’t media trained and I created YouTube videos for the fun of it, I loved bounties, I was learning about web hacking and everything related to it. And figured il share that excitement. And I’m A pretty stoner looking adhd energetic kinda guy. Of course that didn’t run well on all People, but the comments that where personal did still hurt, I wasnt ready for it, and with a nice dash of rsd I eventually got so worried about comments and what people thought about my stuff that I eventually stopped creating content. that’s what felt most logical and safe for me at the time. I realize now that I kinda robbed my community from their voice by turning off the comments, the video is yours afterall, I just created it, but the experience of watching it is yours, and you should have the right to comment what you feel on it. So comments are back on (YouTube) Be nice to each other, and Who knows maybe il light a spark and help me start feeling like creating stuff again. I got so much to share and talk about, l m.youtube.com/stokfredrik