Anders Kristiansen

@wizards_magic Make magic magic pls!

With every calm word and calculated strike, Leonardo shows what it means to be a leader. #MTGxTMNT

@matifiedcustoms Nice One. Hopefully I win this 😂

🤩!!Foil Playmat Giveaway!!🤩 We would like to giveaway an official Magic the Gathering Dominaria United stained glass playmat that was customized and foiled out by me. All you have to do is: Follow us Repost Like the Post I'll pick a random winner Sunday 1/25, Good luck to everyone!

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Excited to share my latest blog post on XDR Unified RBAC! I dive deep into how you can streamline security management by unifying role-based access control across your XDR platform. Check it out here: anderskristiansen.com/post/2025/xdr-… #Security #XDR #RBAC #Cybersecurity #InfoSec

Microsoft is starting to move antivirus providers out of the Windows kernel. Security vendors are about to test new Windows changes in a private preview that's designed to prevent another CrowdStrike incident. Full details and interview 👇 theverge.com/news/692637/mi…

Detect and shut down token attacks as they happen. Check out token protection enforcement in Microsoft Entra. youtu.be/gPcNlm0CyOw #TokenProtection

@rucam365 Well ok. Thanks for clarifying 😀

@pelsner Not sure I follow - or maybe my first tweet needs explained. It's "just" a script to grab CA policies then make sure a group is listed in the exclusions (if not, add it).

What’s one thing about Defender, Entra, or Purview you wish you'd learned sooner? Operational or technical. I'll go first: Have a scheduled job to auto add emergency access (break glass) accounts to all Conditional Access policies. No comment re why this makes my list...

@_dirkjan Nice one

Pretty proud of this one, took a lot of work. And no, this device does not exist 😎

Assuming I'm reading this one correctly, this one is a pretty big deal. Continuing my take on it in a thread, but read the blog from @xybytes here: xybytes.com/azure/Abusing-…

Attention IT Pros! The Microsoft UEFI CA, which SecureBoot relies on, will expire on Monday October 19, 2026, after 15 years of validity. Mark this date in your calendar. Devices require a Firmware/DB update; otherwise, stop booting. 🔒#WindowsSecurity support.microsoft.com/en-us/topic/kb…

This is so important

Cool new summary rule for log ws learn.microsoft.com/en-us/azure/az…

@rucam365 Follow best practice, so Yes.

Do you exclude at least one global admin account from all Conditional Access? I'm in the nope camp. Generally have two accounts with different Conditional Access requirements; likelihood of both failing is slim. Risk of that is preferable to single factor GA. What do you think?

@msandbu Great post

New blogpost, how does #copilot for security work and is it worth it? msandbu.org/how-does-copil…

@karimscloud And you can set higher worklow permission to the GitHub token than set in portal 😃

You can manage secrets and env vars on a GitHub repository without having the admin role for the repo🤯 Not knowing this, I've worked around the limitation by creating a central function to de-privilege users nicruo.com/posts/2024/03/…

OpenAI + Figure conversations with humans, on end-to-end neural networks: → OpenAI is providing visual reasoning & language understanding → Figure's neural networks are delivering fast, low level, dexterous robot actions (thread below)

Since we're talking about MS Graph... Did you know that the combination of... ● Organization.ReadWrite.All ● Policy.ReadWrite.AuthenticationMethod ...enables escalation to Global Admin? Details here: posts.specterops.io/passwordless-p… Enforce 👏 M 👏 F 👏 A 👏for Global 👏 Admins 👏

@_wald0 @StephenHinck Hi are your figure 17 (app permissions use case ) available for download anywhere?

Starting now: join me and @StephenHinck in the #BloodHound Slack. Ask us anything about the recent Microsoft breach, especially the technical details of the attack path. Not in the BloodHound Slack yet? Join here: ghst.ly/BHSlack