NEW: The developer of the long-running and popular open source text editor Notepad++ has confirmed that China government-backed hackers hijacked the software's update feature for months during 2025.
The hackers could access computers of victims who were running hijacked versions of Notepad++.
Highly recommended password manager, and works nice in combination with Windows Hello and locked database ππ»ππ»
TPM is a very interesting topic - as far as i know there is fTPM for Firmware TPM (embedded TPM in CPU) and dTPM (Discrete TPM, dedicated TPM chip), which both can be Version 2.0, but, for example, fTPM is better mitigated against BitLocker coldboot attacks.
I don't know who needs to hear this, but there is no such thing as securing BYOD, especially non-mobile OSs
You may limit damage your regular users can cause, but you are not keeping out an attacker when you accept a model that allows access from unknown, unmanaged devices
You should also read this great article by @ajf8729.com for Windows Firewall, too - needed it in the past for EntraID joined devices with certificate auth, highly recommended!
You should watch Jessica Paynes amazing Windows Firewall presentation - and then read this excellent blog about endpoint isolation medium.com/@cryps1s/end...
If you have to do with EntraID you must read and understand this amazing thread - and also follow @nathanmcnulty.com π
#BitLocker #Windows #Security
neodyme.io/en/blog/bitl...
It's the best and most secure Windows ever - i like it, too π especially with enabled security baseline and enabled App Control (fka WDAC)
NTLM v1 is removed from the latest version of Windows
Oh by the way
Windows has issue:
Person: fuck this I'm going to Linux
Narrator: and they quickly learned to hate two operating systems.
Device-bound #passkeys in #EntraID are finally GA
https://aka.ms/Ignite2024/entra
#AiTM #Security #FIDO2
In this blog post i breaks down how attackers can exploit and abuse service principals and what you can do to defend against it.
Check it out here:
laythchebbi.com/index.php/20...
#AzureSecurity #PrivilegeEscalation #OffensiveSecurity #CloudSecurity #Cybersecurity
Microsoft CEO Satya Nadella on stage at Ignite announcing the companyβs new Windows 365 Link mini cloud PC www.theverge.com/2024/11/19/2...
Quick reminder to check out the #Microsoft community starter packs.
We have new starter packs + starter packs updated with new folks.
So hit up the page and update your follows so you can connect with more folks.
Please add if I've missed any.
bluesky.ms/starterpacks/
I am going at Microsoft Ignite talking about how Windows is changing post the CrowdStrike incident. See you there!!
ignite.microsoft.com/en-US/sessio...
Great tip, i also used it in the past, so much better than Fiddler or Burp, always nice to use built-in tools without admin rights π
Almost embarrassed to post this, but I've always used Fiddler or Burp for capturing things like this...
I didn't have admin rights and was trying to capture network traffic from a pop-up, so Dev Tools wasn't working
Apparently this is built into Chrome/Edge! So cool :)
edge://net-export/
How are you protecting your M365/Azure environment from on-premises attack vectors for compromise?
I always recommend reviewing this guide here as a checklist of actions you should be taking and implement them: aka.ms/protectm365 #entra #security #m365 #o365 #identity #azure #microsoft
Austrian Airlines' farewell to the Twitter.
This was Austrian Airlines' final post over on the Twitter.
Bluesky explained in 60 seconds!
π¦ Introducing bluesky.ms π = A crowdsourced database of anyone and everyone in the Microsoft community on Bluesky.
π Add yourself and anyone you know today π
π« All are welcome.
This is my v1, I'll add options to directly follow from the site itself but first π
LET'S FILL IT UP! π
