Devin McLean

@N3mes1s same hash referenced in x.com/KulinskiArkadi…

@akshay_pachaar what did you use to make these images?

Traditional RAG vs. Agentic RAG, clearly explained (with visuals):

The ADSyncCertDump tool is now part of the adconnectdump tools and can be used to extract SP credentials from Entra ID connect hosts. I will cover that during my BH/DC talks today and Friday! Tool is heavily based on Shwmae by @_EthicalChaos_

Search 15M+ Microsoft 365 tenants by org name or domain and discover all known domains in the same tenant: micahvandeusen.com/tools/tenant-d…. Legacy methods like Autodiscover/GetFederationInfo no longer work (mc.merill.net/message/MC1081…).

opsec like bedrock

This is interesting - a compilation of the well known GUIDs Microsoft uses in cloud This list includes Ids for a bunch of permissions, applications, licensing SKUs, and more We can query Graph API app roles, licensing SKUs, etc., but this is pretty nice github.com/MicrosoftDocs/…

CTF players be like

If you like to know what's happening with threat trends, check out @redcanary's mid-year update to our beloved Threat Detection Report! redcanary.com/threat-detecti… A couple highlights are in a thread, or join our webinar on October 10 to hear from my teammates redcanary.com/resources/webi…

Where has this been all my life?

As CrowdStrike continues to work with customers and partners to resolve this incident, our team has written a technical overview of today’s events. We will continue to update our findings as the investigation progresses. crowdstrike.com/blog/technical…

Attackers think in graphs. Defenders now think in GraphRAG Knowledge Models? @JohnLaTwC

Candor is an under utilized organizational value. The ability to have hard conversations and be honest and frank across all levels of leadership should be rewarded.

Enterprise defenders have grappled with the rise of ORB networks & how to talk about this growing trend among China Nexus threat actors. We dropped a blog on Universal ORB Anatomy, an enterprise framework empowering defenders against this threat class cloud.google.com/blog/topics/th…

Thanks to @stianstrysse for the push to look at this :) # Find all SAML apps with a cert expiring in the next 30 days Get-MgServicePrincipal -Filter "PreferredSingleSignOnMode eq 'saml'" | Where-Object { $_.KeyCredentials.EndDateTime -lt (Get-Date).AddDays(30) }

@likethecoins Congratulations!

I'm honored to join the CSRB, and I look forward to working with my fellow members to drive positive change in the cybersecurity community.

👏 Folks! Provisioning security groups from Entra ID to on-prem AD just went GA! 🤩 With this, you can move to a cloud-first approach to managing groups in Entra ID while allowing on-prem apps to continue working. Even better, you can use ID Governance to govern access to on-prem apps and make use of access reviews, lifecycle workflows and more! This feature is available in Entra Cloud Sync which can run side by side with Entra Connect Sync! Learn more → learn.microsoft.com/en-gb/entra/id… Bookmark this + like and repost to share with your network. Thanks!

I hope there's a command to flood IRC channels :D

OG?