@BritishImpact @BSidesLondon I heard chatter at BSides that canary tokens via custom CSS might be unsupported soon-ish due to MS side changes? Not 100% positive though or whether that affects the Thinkst canaries
@gladstomych @BSidesLondon You should add something that strips out Thinkst Canary Tokens from the custom CSS. Although I think they use really random domains
@gladstomych @BSidesLondon Nice work! Forgive me as I’m not super familiar with AiTM && Entra ID, would this work when client certificates and/or passkeys are used?
Huge thanks to @BSidesLondon for the platform. Genuinely some of the best community vibes I've experienced. And thank you to @JumpsecLabs gang for the journey - you know who you are!
What makes it different?
- No infra - just `tokenflare.py deploy`
- Free tier Cloudflare Workers
- Built-in bot blocking
- Webhook notifications on cookie capture
- Sub-minute setup vs hours for alternatives
@rootsecdev our new tool TokenFlare addresses this and detects the nativeclient redir and points the user to an operator defined redirection - check it out!
- github.com/JumpsecLabs/To…
@rootsecdev Hey there, author of TokenSmith here - yeah we never intended people to use that directly for phishing - landing someone at /nativeclient is a pretty odd UX
It looks like Microsoft is shutting down some of the shenanigans I have been using with TokenSmith URLs to bypass device code flow scenarios... and bypassing some CA policies.
For example, I have been using the ZTNA Network Access Client client ID for some known bypass fun with Entra Scopes >> entrascopes.com/?appId=038ddad…
RIP #Azure #Pentesting #Cloud
Our friend @mrgretzky hooked us up with 12 Evilginx Mastery courses - making it the 12 days of Evilginx Xmas :)
Course details: academy.breakdev.org/evilginx-maste…
Comment below for a chance to win.