BitFisk

@DrAzureAD Even starlink on ships is starting to get stable <100ms, did you travel back in time or something? 🤣

F**k

@patrickmagee @AZJackson85 PR approvals are the real gatekeepers :-p

@AZJackson85 always build in release mode! oh... wrong build discussion

Oh no, I may have picked the wrong build this season 😏😏😏

@jloiselle1 @zer0trus7 @reprise_99 Considering its easier to find ops people than proper SecOps, market value which is dictated by supply and demand , states one is more valuable than the other

If I was a blue teamer and an adversary had to use a zero-day to compromise my environment, I think I would probably ask for a raise, possibly before even invoking incident response. They use it on you it's a pretty great compliment.

@bbaskin Red team taking penetration test to the next level 😂

It happened. It finally happened. reddit.com/r/Malware/comm…

@fabian_bader If it truly is devicebound, then that is indeed awesome 😊 i will have to see and test it before i trust that something is not overlooked 😅

@BitFisk The current announced preview for Entra ID is limited to device bound passkeys. So it will never leave the device. One less thing to worry about 😉

What's your take on #passkeys in the enterprise? Any reservations, doubts, limitations you see? Regardless of your vote, please comment. #passkeys #EntraID #IDP

@fabian_bader Then i would be a lot less concerned. But in the current form i fear the consequences of having that being the security frontier for the enterprise identity 2/2

@fabian_bader My biggest concern with passkeys is that the weakest link becomes the icloud account (or similair) which often is a personal account and thus often is subject to weaker security. If it was possible to restrict the pass key from being roamable through icloud etc 1/2

@Am_dexter @rodtrent I cant see it either, says page not found :-(

@rodtrent Can you share a working link?

Visualize Entra Password Spray Attack with ADX Interactive Map | LinkedIn linkedin.com/pulse/visualiz… #MicrosoftEntra #MicrosoftSecurity #Cybersecurity #Azure #AzureAD #Identity #CloudSecurity

@rootsecdev @fabian_bader @NathanMcNulty First step for sure is to move configurations needed out of gpo to either intune or another Endpoint management tool. It is indeed a journey, but the end result will be a much smoother running machine (we hope, we still arent fully there yet 🙂)

For example reconfiguring AAD connect to no longer do hybrid join enforcement. Setting up new OU’s in AD without GPO enforcement. Taking inventory of your current GPO posture and ensuring you can do equivalent coverage from within Intune. When I look at these two community notes. That’s the type of stuff that I’d start thinking about to migrate over and it sounds like it may be a mess for some orgs to do.

Dear Microsoft, Please make up your minds... Sincerely everyone cc:@NathanMcNulty

@dragon199421 @SecurityAura @ITguySoCal Its the app displayname

@SecurityAura @ITguySoCal OfficeHome mean?, I know about deviceID etc?

In our last few IR engagements we have found “OfficeHome” a pretty reliable application for detecting threat actors, in particular when the DeviceID field is empty. Happy Hunting! #CyberSecurity #DFIR

Remember the time Azure AD did not support group nesting? 😅

@UlfLundh We did it personal. With a group enforcing passwordless as support helped the users one by one. Each in charge of their own area, with dashboard to follow progress

@JefTek @sahilmalik @ITguySoCal Or just show the login window in a proxied iframe, allowing them to record the session and abuse the token? Very curious if that is covered aswell

After watching this video, it appears that users will be required to scan a QR code to use a passkey stored on the phone. I hope the MDO team develops tech to detect malicious QR codes pretty quick as users who get comfortable scanning QR codes from personal devices are going to get owned. Current best practice is to train users to not scan QR codes since MDO doesn’t have ability to block malicious QR. so now we will have to untrain the users which will then hackers will exploit the confusion. It’s a tricky problem so I think a near field signal would be better than a QR scan.

@patbatemansdong @PezRadar No. Players stop as it gets boring doing the same stuff after a while, even more so if there is no reward to chase. If drop rates went up it would just mean people would stop sooner

@PezRadar Can you guys add bad luck protection to Duriel? I have done 700 runs without a shako or grandfather and a guy in my group just got both of them in 12 runs. This isn’t fun and it’s horrible game design and it’s why players quit.

New hotfix out for #DiabloIV Hotfix notes here: us.forums.blizzard.com/en/d4/t/hotfix…

@EdgeAdsX @0gtweet @DrAzureAD @birdsarentreal That would be a terrible feature, imagine troubleshooting someone who wasnt quite sure and accidently put it in ultra ultra secure mode by swapping back and forth while thinking 😂

@0gtweet @DrAzureAD This! unless it’s a secret combo lock, where the code is the tick/untick pattern the robot spy birds peck. @birdsarentreal

I have questions..

@NathanMcNulty Which makes it fragile if the computer is not often (or ever) used for internet browsing, thus not regularly logging into edge. But the fact that it matters even if using outlook, seems rather silly when its a hybrid joined device where user is logged in with UPN allready :-)

@NathanMcNulty What i mean is that even if the user is logged into pc which is hybrid joined and has active prt. It doesnt send device id for authentication through outlook, only if the user is logged into edge, then it correctly sends the device id. Which imho makes sense

Friendly reminder - device based policies in Conditional Access do not work in private mode or if browsers have not been configured properly (see Note in image) This is needed for registered/Entra joined states, compliance checks, and filter for devices #supported-browsers" target="_blank" rel="nofollow noopener">learn.microsoft.com/en-us/azure/ac…

@FractalPrism @Qwik No its not.. the resson it felt awefull is that people could buy their character more powerfull with real money.. you cant in d4 as its only cosmetics, skins, so pretty much like all other games atm…

@mattjay Got any good suggestions of some to apply to? :-) been looking for vendor neutral community’s for some proper sparring opportunities

Since I’ve been asked a lot - there is no 1 super secret chat room & I don’t own the invite capability of any of them. I’m in roughly a dozen such spaces among Signal, slack, discord and more. The point being, I trust the convos in these spots more than your rsa booth brochure