passtheprt

104 posts

@passtheprt

Mainly interested in offensive security, especially cloud. Create shareholder value. Personal account. Does not reflect my employer's opinion.

Joined April 2025
216 Following, 26 Followers
Fabian Bader@fabian_bader·
Sometimes it's the small things that make me happy. And this is a big small thing: You can now assign a security group from a foreign tenant to your Azure resources.
passtheprt@passtheprt·
@UK_Daniel_Card Claude code has been substantially nerfed. Before, you were at least able to reason with it to continue building. Really not fun ATM; though I haven't tested in a minute..
mRr3b00t@UK_Daniel_Card·
This is very funny..... I'm not sure why but Claude suddenly decided we couldn't build pentest tools... but now after we had a little chat, it's building the tool! LOL
passtheprt@passtheprt·
I wonder how many Entra ID admins take this warning seriously! We saw an update on the docs regarding enforcement 🤭🤭 If you haven't already, double-check your device filters.
passtheprt@passtheprt·
@DanielatOCN @chrispy_sec Not another configuration menu 🤣 Actually a cool feature though. I hate activating SIF-related CAP—with that, it will be better.
Daniel Bradley@DanielatOCN·
@chrispy_sec Great write up Chris! Now you just need to find the right feature flags to enable it in the UI ;)
ChrisPy@chrispy_sec·
If you're curious to see how you can backdoor conditional access policies by using a legitimate hidden condition then have a gander here: labs.reversec.com/posts/2026/04/…
passtheprt@passtheprt·
@chrispy_sec I'm pretty sure the time-based activation was introduced with the Conditional Access Optimization Agent. The Agent can roll out policies and activate them at a given date. Anyway, an interesting approach to creating a shadow policy.
John Hammond@_JohnHammond·
Wild story on a big AI-powered social engineering campaign, leveraging Device Code phishing to steal Entra ID/Microsoft accounts -- all with entirely unique and personalized per-victim lures from vibecode-crafted infrastructure 🤯 Video link below cuz the X algorithm hates me: 👇
passtheprt@passtheprt·
@Tur24Tur This shit got nerfed so hard, hate the new patch..
Tur.js@Tur24Tur·
Banned from Claude Code in 30 Minutes. The plan was simple: probe Claude Code APIs through Burp Suite (TLS checks off) and responsibly disclose anything interesting via HackerOne. My custom AI agent was also testing Claude Code's APIs in the background, so it was a joint effort between the two of us. About 30 minutes in, the testing was almost done. A few basic checks: accessing a chat ID from a second account, finding a way to use the model for free, hunting for hidden or unreleased models, all dead ends. Then, 35 minutes later, two emails from Anthropic arrived. One: account banned. The other: a $200 refund. Creating a new account led to an instant ban. Changing IPs didn't help either. After figuring out the ban checks, a new account was finally created. No more poking at Claude Code APIs. ¯\_(ツ)_/¯ #BugBounty #Claude
passtheprt@passtheprt·
@S1r1u5_ When I first saw this, I couldn't help but think about that tweet. Coincidence?
passtheprt@passtheprt·
@IAMERICAbooted Agree, they should be excluded directly by all CAPs except the one enforcing Fido-Auth.
EZ@IAMERICAbooted·
The answer is True if you use Defender for Cloud Apps or XDR. In Defender for Cloud Apps, if you are using Conditional Access Application Control, it requires a CAP to delegate the Access and Session to DFCA. Therefore, your Emergency Access Global Admin accounts need to be excluded from the CAP. Emergency accounts should be excluded from all CAPs. This is one good example of why.
EZ@IAMERICAbooted

RBAC quiz of the day: Security Admin and Cloud App Security Admin can lock out Global Admins.

vx-underground@vxunderground·
United States President Donald J. Trump posted this message on social media today. Personal grievances the Trump administration asserts it has with other countries and political theatrics aside, the notion that the United States even hints at exiting NATO is a PROFOUND cybersecurity issue. Yes, NATO deals with traditional military stuff (land, sea, air, space), NATO also deals with things in the digital domain (cyberspace). NATO (non-United States) has historically shared a great deal of intelligence with each other regarding state-sponsored threats to the United States. Likewise, the United States has shared intelligence on state-sponsored with our NATO allies. It makes me incredibly nervous that this idea of exiting NATO is floated or threatened. NATO cybersecurity space deals a lot with ICS/SCADA (Industrial Control Systems, which is things like water treatment plants, nuclear energy facilities, telecommunication systems, etc) and anything else which possesses a military threat to the United States and its citizens. I am unsure of the impact leaving NATO would have on our cybersecurity intelligence. The idea makes me very nervous. The United States is constantly under siege from foreign adversaries (notably China, Russia, North Korea, Iran). Additionally, I have great concern that if we left NATO it would damage our relationship with European allies which have been of significant importance apprehending Threat Actors who have done extreme damage to the United States. Part of the FBI's success in apprehending ransomware actors has been our strong relationship with EUROPOL, and European allies apprehending individuals residing outside the United States. Chat, this unironically makes me very nervous.
Daniel Bradley@DanielatOCN·
Microsoft have finally patched another tenant domain enumeration loophole > ourcloudnetwork.com/microsoft-quie… Since Microsoft Patched the Get-FederationInformation endpoint from enumerating tenant domains, researchers and services like my TenantDomainFinder have been using a legacy ACS endpoint to enumerate all tenant domains. However, it looks like from today, Microsoft have quietly patched this exploit! #Entra #Microsoft #OSINT
Nikhil Mittal@nikhil_mitt·
Giveaway - Our instructor-led advanced bootcamps for sharpening your Red Team skills start this weekend. Attacking and Defending Active Directory - Advanced Edition (CRTE) starts this Friday. Advanced Windows Tradecraft - Evasion Techniques for Red Teams (CETP) starts this Saturday. I am giving away one seat for each of the bootcamps. To participate, please Follow @nikhil_mitt and @AlteredSecurity, Like, Comment and Repost. We will announce the random winners on Wednesday. alteredsecurity.com/bootcamps?utm_… #RedTeam #Evasion
passtheprt@passtheprt·
@manelrodero Policy Sets are great for this. They have been around for a while but are a very unknown feature of Intune. They come with some limitations, but for deploying a new baseline they are great.
Manel Rodero@manelrodero·
In an Entra ID + Intune environment, what method do you use to test things before putting them into production? Do you use exclusion groups in applications, configurations, etc.? What is your procedure? Thanks. #MSIntune #EntraID
passtheprt@passtheprt·
@HaakonWibe The App Control Policy Wizard is what you are looking for.
Haakon Wibe@HaakonWibe·
I can't find these 8 preset base policies for App Control? 🤔 The Intune docs seem very outdated as well, referencing controls that aren't there anymore (probably a good thing given that disabling trust of Windows components can lead to issues)
Jackson@zeroxjackson·
Are you brave enough to admit you don’t have a use case for open claw?
passtheprt reposted
SpecterOps@SpecterOps·
Every Entra ID assessment ends here: “How do I get a token without triggering Conditional Access controls?” 🤔 @rbnroot built CAPSlock, an offline ROADrecon-based Conditional Access engine that simulates sign-ins & flags gaps without touching the tenant. ghst.ly/4aKIk64