Korstiaan

Our course is live go take a look.

Incident Response in the Neocloud ⛅️ Check out the next part on Lambda Cloud invictus-ir.com/news/incident-… #stayInvictus #CloudIncidentResponse #NeoCloud #LambdaCloud

📷 The SaaS Hardening Checklist: - Kill "Shadow Consent" – Disable user consent and implement an Admin Consent Workflow. No unvetted app should touch your data. - Audit Permissions – Understand Delegated vs. Application-level access to ensure the principle of least privilege. - Restrict App Access – Require explicit user assignment on first-party apps to block attackers from exploiting "trusted" tools. - Enforce Hygiene – Build application cleanup into your standard off-boarding process. Read the full breakdown: invictus-ir.com/news/the-silen… #StayInvictus #SaaS #CloudIncidentResponse #EntraID

We just published an emergency blog on the #Axios compromise. A must read for incident responders and everyone who's been overwhelmed with supply chain package compromises. invictus-ir.com/news/the-poiso… #stayInvictus #CloudIncidentResponse #NPM

Blog coming soon

Very excited about this new release. It's been a goal for a long time to have live cloud labs that include Google Cloud and Google Workspace. Which AFAIK no one is doing, give it a go and tell me what you think!

Our latest research is live on a recent #AiTM case we worked on together with BIO-ISAC This blog dives into the underlying infrastructure of modern phishing campaigns and includes Indicators of Compromise of this recent campaign. invictus-ir.com/news/the-invis… #stayInvictus #CloudIncidentResponse #AiTM

Have you ever wondered, what modern cloud compromises look like? This is your chance to investigate one, our newest lab is ready for you! Sign-up now to investigate our latest lab👇 cloudlabs.invictus-ir.com #stayInvictus #CloudLabs #CloudIncidentResponse

Our latest research on OAuth apps is now live. In this blog we take a look at some case studies where Entra ID apps were abused. We have also included actionable advice on how to prevent these issues in your environment: invictus-ir.com/news/entra-oau… #stayInvictus #CloudIncidentResponse #SaaS #EntraID

Happy is an understatement! This year we will be teaching both our AWS and Microsoft Cloud IR course at @BlackHatEvents in Las Vegas. Grateful for this opportunity!

🧪New year, new lab, same quality! Another lab inspired on real life incident response cases. If you've worked on incidents in Entra ID you probably know the importance of 𝘌𝘯𝘵𝘦𝘳𝘱𝘳𝘪𝘴𝘦 𝘈𝘱𝘱𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯𝘴 and 𝘈𝘱𝘱 𝘙𝘦𝘨𝘪𝘴𝘵𝘳𝘢𝘵𝘪𝘰𝘯𝘴. This lab is a deep dive on a lot of different techniques attackers abuse around apps in Entra. #stayInvictus #CloudLabs #CloudIncidentResponse

First article on X, let's see if it works!

@UID_ Als je ergens een vast adres hebt dan kan ik je swag updaten

@KorstiaanS Is dus een gvd goed shirt man. Draag hem echt veel.

Had a great dinner with my neighbour, who also lives full-time on his sailboat.

InfoSec vs. Microsoft

Cloud Labs update for November, we've been cooking in the lab! In our new scenario you can play with EKS, ECR, pipelines and more fun stuff in the cloud. Sign up now and profit of the #BlackFriday deal! cloudlabs.invictus-ir.com #stayInvictus #CloudLabs #CloudIncidentResponse

Someone tried to hack us, read what happened next... invictus-ir.com/news/the-story… #stayInvictus #CloudIncidentResponse #DFIR #BEC

Get your checkbooks ready....

Back with a bang 🧨 A new post in our Cloud Threat Actor series, today is Part V on 𝐒𝐢𝐥𝐤 𝐓𝐲𝐩𝐡𝐨𝐨𝐧 a.ka. HAFNIUM 🐼 So far we've covered: - TraderTraitor - Sea Turtle - Laundry Bear - JavaGhost Blog: invictus-ir.com/news/profiling… #StayInvictus #CloudIncidentResponse #DFIR

Get in there! @BlackHatEvents is offering a £300 discount, enter the code 𝐇𝐀𝐂𝐊𝐓𝐇𝐄𝐏𝐑𝐈𝐂𝐄 at registration! Register: #advanced-cloud-incident-response-in-azure-and-microsoft-365-2508-45487" target="_blank" rel="nofollow noopener">blackhat.com/eu-25/training… #stayInvictus #CloudIncidentResponse #DFIR

🔙 We’re back with a new blog, this time diving into a recent incident response case study. Check it out 👇 invictus-ir.com/news/anatomy-o… #stayInvictus #CloudIncidentResponse #BEC