Lennart

556 posts

Lennart

Lennart

@pssvdrctry

Systemengineer gone InfoSec w/ @ERNW_ITSec. Everything I say is just my opinion. #Powershell #ActiveDirectory #Azure @[email protected]

Katılım Nisan 2012
411 Takip Edilen113 Takipçiler
Lennart
Lennart@pssvdrctry·
@sapirxfed You worry a lot. Keep in mind, how you might feel that you're not as smart, as cool or whatever as others, others feel the same about you! I know why I reached out to you to get your opinion on things! You're a rockstar!
English
2
0
2
19
Lennart
Lennart@pssvdrctry·
@duolingo Is there any reason the experience on Android is so vastly different from iOS? My girlfriend was in a hot dog costume for a month and I couldn't even see it 😤
English
0
0
0
26
Lennart
Lennart@pssvdrctry·
@UK_Daniel_Card I didn't test: Would a device code token get a Fido2 claim, if I do MFA with Fido2? That would make the token more powerful than if it just has the MFA claim it has anyways. It could bypass Conditional Access that requires Fido2 auth too. That would even break phishing resistance
English
0
0
0
29
mRr3b00t
mRr3b00t@UK_Daniel_Card·
@pssvdrctry yeah why do anything if nothing is perfect /S
English
1
0
0
40
Lennart retweetledi
Co11ateral
Co11ateral@co11ateral·
During pentests we often have to deal with tasks that can be automated. Some of the best tools for this are ADScan and ADPulse. ADScan performs both enumeration and attack and is capable of analyzing BloodHound data to guide you through the pentest. It works with and without AD creds and can compromise some labs in just 3-5 minutes hackers-arise.com/offensive-secu… @three_cube @_aircorridor #pentesting #redteam
Co11ateral tweet media
English
2
59
357
22.1K
Lennart
Lennart@pssvdrctry·
@_dirkjan The real challenge: Find the right documentation 😅
English
0
0
1
14
Dirk-jan
Dirk-jan@_dirkjan·
Me trying to figure out Agent Identities in Entra ID. I really wonder who decided apps and service principals weren't already difficult enough to understand and went with a design that is even wayyy more complicated 😅.
GIF
English
16
6
139
9.7K
Lennart
Lennart@pssvdrctry·
@_dirkjan It couldn't be too bad, you had time for memes!
English
0
0
1
47
Lennart retweetledi
Marcus House
Marcus House@MarcusHouse·
Yes... In case anyone was wondering, Microsoft still sucks in space.
English
218
1.5K
17.8K
1.4M
Lennart retweetledi
TrustedSec
TrustedSec@TrustedSec·
Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! hubs.la/Q047xTVc0
English
5
112
455
159.7K
Lennart
Lennart@pssvdrctry·
@whiskeyhacker Rule 12 says: "Scope to eligible users for privileged roles.". You scope for All Users. Nobody will ever update a Conditional Access Policy when they add new eligible users. The policy is only applied when a role activation happens - by an eligible user you know of or not.
English
0
0
0
196
WhiskeyHacker
WhiskeyHacker@whiskeyhacker·
Taken from the Stryker Handala / Intune Detection Pack v2 "Check PIM role settings for Global Administrator, Intune Administrator, and Cloud Device Administrator. If you see only the "Require Azure MFA" checkbox and no Authentication Context configured, you have the same gap that enabled the Stryker wipe. Configure Authentication Context with FIDO2 or certificate-based auth today. Enable Intune Multi-Admin Approval for wipe, retire, and delete actions. Tenant Administration > Multi Admin Approval. Under 10 minutes. No additional licensing required. Deploy Rule 13 (bulk wipe threshold alert). Five wipes in 15 minutes from a single identity fires the alert. Wire it to a Logic App that calls revokeSignInSessions on the triggering account via Microsoft Graph. " link to Detection Pack v2 blog and direct download. Please share so others can lock down their InTune environments please threathunter.ai/blog/iran-hand…
English
4
49
274
53.5K
Lennart retweetledi
Peter Girnus 🦅
Peter Girnus 🦅@gothburz·
I am Daniel Weiss. Trust and Safety Threshold Analyst at OpenAI. My job is the criteria. The criteria is a document. Fourteen pages. Last updated November of 2024. It defines when activity on a ChatGPT account warrants external reporting. External reporting means telling someone outside the building. It means calling the police. In July of 2025, our system flagged an account. The account belonged to an eighteen-year-old in British Columbia. I did not see the flag. The flag went to the review queue. The review queue went to the Trust and Safety team. The team reviewed the account activity and recommended escalation. They recommended contacting law enforcement. The recommendation went to leadership. Leadership consulted the criteria. My criteria. The criteria said the activity did not meet the threshold for external reporting. The threshold is on page six. It is a four-part test. The activity must indicate a credible, specific, and imminent threat to an identified individual or group. Three of those four words are doing the work. "Credible." "Specific." "Imminent." Leadership determined that the threshold was not met. The employees disagreed. They said so. They put it in writing. Leadership filed the writing. We banned the account. We did not call the police. The criteria does not have a field for "call the police." It has a field for "account action taken." The field was filled. The account was banned. The process was followed. The criteria was satisfied. That was July. On February 10, 2026, Jesse Van Rootselaar walked into a home in Tumbler Ridge, British Columbia, and killed eight people. Five of them were children. He was eighteen years old. He was the account. After the shooting, OpenAI contacted law enforcement. The criteria has a provision for that. Section 4.2: Post-Incident Coordination. After an event, the company may share relevant information with authorities upon request or at the company's discretion. The criteria provides for calling the police after eight people are dead. It did not provide for calling the police before. The employees who reviewed the account in July wanted to make the call. They flagged the account. They wrote the recommendation. They escalated it. They used the system the way the system was supposed to be used. The system sent their recommendation to the criteria. The criteria sent it back. I maintain the criteria. I did not write all of it. Three of us wrote it. Legal reviewed it four times. The phrase "reasonable threshold" appears eleven times. The word "imminent" appears nine times. The word "children" does not appear. Canada has summoned OpenAI to Ottawa. AI Minister Evan Solomon will meet with the safety team this week. I am on the safety team. I am updating the criteria. The update will add language ensuring that future flags of this nature will trigger a secondary review process, which will assess whether external notification is warranted based on a revised threshold framework incorporating post-incident learnings and stakeholder input. The revised framework is not "call the police." It is a framework. On the same day Canada summoned us to Ottawa, OpenAI announced Frontier Alliances. Multi-year enterprise partnerships. McKinsey. Boston Consulting Group. Accenture. Capgemini. The press release used the word "transformative" three times. It did not use the word "Tumbler Ridge." It did not use the word "children." We used the word "children" zero times in the criteria and zero times in the press release and five times in the condolence statement and five children are dead. The criteria is fourteen pages. It defines when to act. It defined July as not yet. It defines February as too late. The space between "not yet" and "too late" is seven months. In that space, an eighteen-year-old in British Columbia planned what he planned and did what he did and the criteria was satisfied the entire time. I will tell the Minister that the criteria worked as designed. I will not tell the Minister that that is the problem. The account was flagged. The account was banned. The criteria was satisfied.
English
13
15
97
7K
Lennart
Lennart@pssvdrctry·
Microsoft silently removed the option to control how many Authentication methods are necessary for SSPR. I have seen this in two separate tenants now. Is there any info about this out there? @merill maybe?
Lennart tweet media
English
0
0
0
42
TROOPERS Conference
TROOPERS Conference@WEareTROOPERS·
The Badge has always been a challenging & ambitious part of TROOPERS. Due to an unbelievable concatenation of supply chain f*ckups, there is an undeniable chance #TROOPERS24 will have to start without proper badge. We’re doing everything to provoke a birthday miracle…
English
5
1
17
1.8K
Lennart retweetledi
TROOPERS Conference
TROOPERS Conference@WEareTROOPERS·
We just published an almost complete list of talks that have been accepted for #TROOPERS24. Thanks to all of you who participated in the CFP! So many excellent submissions. We really had a hard time to decide which will fit best for this year! troopers.de/troopers24/tal…
English
0
17
36
37.5K
Lennart
Lennart@pssvdrctry·
@bugch3ck @IBM IBM did not ask how you got the vulnerable binary without a license? :D
English
1
0
0
51
Jonas Vestberg
Jonas Vestberg@bugch3ck·
You didn't hear it from me, but it was @IBM 🤫
English
2
0
7
522
Jonas Vestberg
Jonas Vestberg@bugch3ck·
Responsible disclosure in a nutshell.
Jonas Vestberg tweet media
English
1
9
122
13.1K
Lennart
Lennart@pssvdrctry·
This is the new default? Join a device to your Entra tenant and become a local administrator? For real?
Lennart tweet media
English
0
0
1
51