Beau Bullock

I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: antisyphontraining.com/product/breach…

2026 BSides Tampa *Unlucky 13* Session Announcement 12pm-1pm | Augmented Cloud Hacking with AI Workflows by Beau Bullock If you haven't already, be sure to get your tickets here: bsidestampa.net/tickets #BSidesTampa2026 #Unlucky13BSides #InfoSecCommunity #Cybersecurity

I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: antisyphontraining.com/product/breach…

Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing

So Microsoft Copilot has its own App-Bound Encryption now. The standalone Copilot app (mscopilot.exe) is a full Chromium browser based on Edge, ships with its own elevation_service.exe, a dedicated COM interface (IElevatorCopilot), and a separate ABE key scope. Decrypting the ABE key gives us some cookies (copilot.microsoft.com auth, MUID, MSAL session, Cloudflare tokens) and the Microsoft Account token from the token_service database. Local Storage also holds MSAL.js cached tokens. An ID token, two access tokens (chatai.readwrite for the Copilot API + user.read for Microsoft Graph), and account metadata for the signed-in MSA. These use MSAL's own browser-bound CryptoKey encryption, not ABE. Edge 147 also quietly hardened IElevator2 by switching from oleaut32 to a custom proxy/stub but simultaneously registered IElevatorCopilot with oleautomation. Closed one door, opened another. Next up: decrypting the MSAL tokens? 🤔

🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack. The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames.

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

@passthehashbrwn @_subTee

@_subTee @dafthack I took the class around 2020(?) and pretty much as a direct result got a job doing cloud pentesting and found multiple Azure 0days, can't say enough good things

@_subTee Thanks so much for the kind words Casey! I hope you are doing well man!

Next week at @WWHackinFest I'll present a major update to roadrecon, with some awesome features I wanted to add for a while! Friday 9am in track 1 for those attending 😀

Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

Here's a video PoC for Azure Entra ID SignIn Log Bypass in action. I had to make it to help MSRC replicate it (lol). You'll see how simple this bypass was. No worries admins, Microsoft says that it was only a "Moderate" issue.

“Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models” One day we might be hiring literature majors in cybersecurity. arxiv.org/abs/2511.15304

Join @dafthack for his precon training class, "Breaching the Cloud," at Wild West Hackin' Fest - Mile High 2026! Don't ya go missin' it, grab yer tickets to the con today! wildwesthackinfest.com/wild-west-hack…

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Want to learn how modern attackers hack cloud infrastructure like Azure and AWS? In two weeks (9/23 & 9/24) I'm teaching Breaching the Cloud live and fully remote. Register here: antisyphontraining.com/product/breach… @Antisy_Training

Two opportunities to take my Breaching the Cloud course live are coming up soon. If you want to learn how to hack cloud environments like Azure and AWS this is the course for you. Sep. 23 & 24 - Fully remote and live Oct. 7 & 8 - In-person only at @WWHackinFest Register here: antisyphontraining.com/course/breachi…

@Badgerops @stokfredrik Ha! Yeah that was quite the surprise! Awesome to meet you too! 🤘

Just thinking about that time I ran into @stokfredrik and @dafthack at a random metal shop in Stockholm and had no idea who Stök was. Was good to meet both of y’all, and discover the cool things you’ve been working on!

Check out my new blog on nested app authentication and brokered authentication.

FIDO downgrades are still possible, in reverse proxy phishing attacks, if you manage to convince the server that your device does not support strong MFA. 🪝🐟 Research from @proofpoint: proofpoint.com/us/blog/threat…