Phillip Jones

27.2K posts


@P2Vme

Solution Architect @ Coretek | 4 boys | Bestest Wife | Cybersecurity, Microsoft, Cloud, AI, VMware, EUC, Citrix | Griller, Medieval Combat, Hiking, RPGs

"Off-Prem" Joined October 2009
2.5K Following 1.9K Followers
Phillip Jones retweeted
IT Unprofessional@it_unprofession·
My friend invited me to his "casual game night." I thought that meant snacks and maybe Uno. He dimmed the lights, pulled out a whiteboard, and said, "We'll start with Catan, obviously." Obviously. Within 20 minutes, three grown adults were accusing each other of "sheep hoarding" with the intensity of a custody battle. One guy slammed his hand on the table and yelled, "You broke our wheat alliance, Trevor." I don't even know Trevor. I'm just trying to figure out why there's a resource called "ore" and why I'm emotionally invested in it. At one point, someone looked me dead in the eye and asked if I wanted to trade wood. I haven't recovered. We finished at midnight and my friend said, "Next time we'll do something light, like Twilight Imperium." I Googled it. That's not a board game. That's a part-time job with lore.
Phillip Jones retweeted
Steven Lim@0x534c·
🔑 KQL Detection for MDI Password Protection Insight Microsoft Defender for Identity (MDI) introduced the Password Protection Portal in March, giving defenders deep visibility into the password hygiene of their Entra ID/Active Directory environments. This new capability is a powerful way to shrink your identity attack surface by highlighting weak, compromised, or high‑risk passwords across your tenant. To complement the portal, I’m sharing a custom KQL detection that provides your SOC with near‑real‑time visibility into leaked credentials. With this detection in place, defenders can rapidly respond to exposed accounts, revoke access, and further harden identity security. KQL Code: github.com/SlimKQL/Detect… #Cybersecurity #DefenderXDR #PasswordProtection
Phillip Jones retweeted
Joe Desimone@dez_·
We open sourced the tool used to detect the Axios supply chain compromise! I built it Friday after a red eye home from RSAC. Also, wrote up the full story, including the hectic moments after that first critical alert github.com/elastic/supply…
Phillip Jones retweeted
vx-underground@vxunderground·
There is a project on GitHub called Axios. Axios is extremely popular. It is used by millions upon millions of applications. Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites). In simple terms, if you're a programmer doing something with JavaScript, and want to do stuff that communicates with a website in literally any capacity, people heavily recommend using Axios due to its simplicity. Using Axios you don't have to reinvent the wheel and do a bunch of work. All you need to do is import Axios into your code and you're off to the races. Someone (currently unknown) compromised Axios (currently unknown how) to deliver malware to people. When someone updates or installs Axios, Axios itself contains malware. What the malware does is (currently) unknown, but it is being reverse engineered by probably every malware analyst on the planet at this moment. In a few hours more details will emerge. Information is being exchanged in real time on social media and private communication platforms as I write this. Due to the size and popularity of Axios, it is unknown how many are impacted, it could be millions, it could be thousands, or if we're lucky, only hundreds of people or organizations will be impacted. If this is absolute worst case scenario, millions of organizations across the planet have been infected with malware which (currently) we do not understand. However, the likelihood of this is low. It appears Axios being compromised was detected quickly, potentially within minutes (or hours) of it being compromised to deliver malware. Additionally, the likelihood of every single Axios user updating Axios as soon as it was compromised to deliver malware is astronomically low. It is basically zero. The impact from Axios being compromised is devastating, the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future.
Phillip Jones retweeted
spencer@techspence·
Things I didn’t know when I started in IT that I know now:
- You shouldn’t use the same password for all local admin accounts
- You shouldn’t use your Domain Admin account for all administrative duties
- 99% of vulnerabilities won’t hurt you. Your time is better spent identifying and fixing the 1% that could
- You shouldn’t yolo lone ranger patch vulnerabilities without working with the rest of the team
You learn so much (many times the hard way) working in IT, but it’s invaluable experience for those wanting to work in cybersecurity roles later.
Phillip Jones retweeted
Nathan McNulty@NathanMcNulty·
Merged some good XDRInternals updates :) Connect-XdrBySoftwarePasskey does exactly what it says, super easy to automate AI access to the portal 🤖 Get-XdrIdentityUserTimeline lets you extract the whole 180 days of user timeline data if you need it github.com/MSCloudInterna…
Phillip Jones retweeted
EZ@IAMERICAbooted·
It took me years to learn error codes, OAuth flows, OIDC, SAML, Legacy Protocols, Device States, nuances of conflicting policies, group conflictions, federations and what to expect when you're the Resource Provider, and so much more. This is not simple stuff and I would be cautious of anyone who says it is. This tool will help tremendously. There is no replacement for putting in the time, hands on keyboard, AND reading the documentation, even in the world of AI. The problem with AI is missing context. Let me provide you an analogy: The last grade I completed before college (present for the entire school year) was 7th. In college, I had a very high GPA. In college, many students used slides to study for exams. I read textbooks, twice and rarely went to class. The difference was the enriched context I got from reading the textbooks. In the AI world, the context you get is similar to slides in college. The documentation is similar to reading the textbooks in college. We are creating a synthesized, abstract, context-limiting world and our minds are being shaped by it. Those who will survive the AI era in their respective professions will be those who read and dig deeper for understanding, those who collaborate well, those who gain and exercise skills in being "liked", and those who push the boundaries of traditions.
Daniel Bradley@DanielatOCN

In case you missed it, Microsoft just released their new AI-powered self-service support agent in Microsoft Entra 🫧 ourcloudnetwork.com/microsoft-rele… 🩵 It's fairly simple and works. It combines your data from Microsoft Graph (sign-in logs etc) with knowledge powered by Microsoft Learn, to give you answers and help you troubleshoot. I tested the experience in my article above! #Entra #Agents #AI

Phillip Jones retweeted
Merill Fernando@merill·
👋 We just sent out issue #139 of Entra.News Featuring Daniel Bradley, Nathan McNulty, Jan Bakker, Scott Breen, Sam Erde, James Robinson, Per-Torben Sørensen, Irwin Strachan, Eric Woodruff, Thomas Naunheim, Dennis Johansson, Oliver Müller 1/2
Phillip Jones retweeted
Dark Web Informer@DarkWebInformer·
💥 MITRE ATT&CK Explorer was updated with the following: Added Relationship cross-linking in modals, Data Sources tab (empty currently), ATT&CK Navigator-style heatmap, Global cross-section search, Comparison mode, and Platform filter on techniques This will be available for everyone for free, later this month. Currently Elite only: darkwebinformer.com/mitre-att-ck-e…
Phillip Jones retweeted
Kostas@Kostastsale·
Sometimes the call comes a little too late and you gotta do what you gotta do 😂
Phillip Jones retweeted
nolen@itseieio·
made a hook that adds a bouncing dvd logo to claude code whenever it's thinking
Phillip Jones retweeted
dev@zivdotcat·
pov: your vibecoder friend demoing what he built using his $200 claude code max plan
Phillip Jones@P2Vme·
@techspence Yes, more than ever. Security is foundational imo, it should be ubiquitous, now to what level is a different question and harder to define.
spencer@techspence·
True or false, cybersecurity skills are necessary for IT admins?
Phillip Jones retweeted
Matt Levy | Microsoft Security MVP
Struggling to understand the impact of the upcoming passkey rollout in Microsoft Entra tenants (MC1221452)? ME TOO. So I had this flow diagram created.
spencer@techspence·
Sure Pentest once a year, but also, don’t wait until your next pentest to:
Run Locksmith
Run ADeleginator
Run PingCastle/PurpleKnight
Check shares, sharepoint, wikis for creds