seick's Avatar

seick

@seick.it

Security Engineer | custos nubium #Security #Azure #EntraID #KQL #ConditionalAccess #ActiveDirectory #MDE and a little bit of #macOS

93
Followers 254
Following 40
Posts 13.07.2023
Joined
Posts Following

Latest posts by seick @seick.it

Post image

🚨 Global Secure Access β‰  β€œreplace VPN and done.”

I just published a new podcast with Chris Brum where we break down real-world Microsoft GSA deployments πŸ§΅πŸ‘‡

10.01.2026 17:50 πŸ‘ 6 πŸ” 2 πŸ’¬ 1 πŸ“Œ 0
Preview
Keynote: Code Dark Age Generative AI is supposed to make our lives easier. But what if it's really just coding us straight into a new Dark Age? We hand over our...

Something for your read/ watch only friday.

media.ccc.de/v/god2025-56...

28.11.2025 10:43 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

One the craziest elements about cybersecurity is you have half the industry sat worrying about cyberwar!1! and going on about quantum and AI, then you have you have the operational reality of what is actually happening on the ground - it bares no resemblance, at all, to what people are focused on.

01.10.2025 15:21 πŸ‘ 245 πŸ” 35 πŸ’¬ 8 πŸ“Œ 1
Preview
Manage external Communications in Teams β€” thinformatics Hey Teams Admins! once in a month, a colleague at thinformatics organizes a β€œWhat’s new” Session where all co-workers can and should share news round about M365, Entra and Azure. This is one tool we’...

You can now define, with granularity, which of your Microsoft Teams users can receive messages from external senders.
I waited for this feature for a long while and was a bit too enthusiastic when I heard about it :). Wrote up my thoughts about this here:
www.thinformatics.com/blog/manage-...

18.09.2025 16:36 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
DEFCON33 - Turning Microsoft's Login Page into our Phishing Infrastructure - Keanu Nys
DEFCON33 - Turning Microsoft's Login Page into our Phishing Infrastructure - Keanu Nys YouTube video by RedByte

m.youtube.com/watch?v=z6GJ...

19.08.2025 21:45 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

"you'll spend more time fighting your own company than actual hackers. devs hate you for slowing them down. management hates you for costing money. users hate you for making passwords hard. you're basically professional party pooper."

there is my new job title... professional party pooper

06.08.2025 13:59 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

doing god's work!

26.06.2025 10:55 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
TokenSmith Meets Evilginx: Token Theft Combined with Entra Conditional Access Bypass
TokenSmith Meets Evilginx: Token Theft Combined with Entra Conditional Access Bypass YouTube video by SYNACK Time

Unfortunately, that was only a matter of time!

This video combines two of the most dangerous tools at the moment associated with phishing - and it's surprisingly simple!
www.youtube.com/watch?v=Dp1z...

Do we have defense options? Read on πŸ‘‡

17.01.2025 07:21 πŸ‘ 10 πŸ” 4 πŸ’¬ 1 πŸ“Œ 0

sorry to hear. I know how annoying this is.

15.01.2025 17:05 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

All you need to know about the TokenSmith Compliant Device Bypass ->

14.01.2025 17:03 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Yeah, rats.. that's true..

07.01.2025 07:56 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
Microsoft 365 - GerΓ€te-Compliance-Bypass - < bi-sec > Angriffe auf Microsoft 365 ΓΌber GerΓ€tecompliance-Bypass sind ab jetzt der Standard. Intune-Portal sei dank, kΓΆnnen Angreifer CA umgehen!

The query at the end of this article is less noisy in our environment... thoughts?

www.bi-sec.de/2024/12/28/m...

06.01.2025 15:16 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Bypassing Entra ID Conditional Access Like APT: A Deep Dive Into Device Authentication Mechanisms
Bypassing Entra ID Conditional Access Like APT: A Deep Dive Into Device Authentication Mechanisms YouTube video by Black Hat

Fun part is, he held a presentation about this already in August but nobody seemed interested… www.youtube.com/watch?v=JItn...

05.01.2025 20:42 πŸ‘ 5 πŸ” 1 πŸ’¬ 2 πŸ“Œ 0
Preview
a man sitting in a chair pointing at the camera with the words " this is it " below him ALT: a man sitting in a chair pointing at the camera with the words " this is it " below him
02.01.2025 14:22 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
Bypass Intune Conditional Access Using TokenSmith: Detection & Response Discover how to detect & respond to a new exploit bypassing Microsoft Intune Conditional Access Policies using advanced queries in Microsoft Defender XDR.

This blogpost shows a detection query for TokenSmith:
quzara.com/blog/bypass-...

02.01.2025 14:19 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
TokenSmith - Bypassing Intune Compliant Device Conditional Access | JUMPSEC LABS Conditional Access Policies (CAPs) are the core of Entra ID’s perimeter defense for the vast majority of Enterprise Microsoft 365 (M365) and Azure environments. The core ideas of conditional access ar...

Everybody who has something to do with Conditional Access should read about TokenSmith and think about what this could do in combination with EvilGinx2 and what this could mean for your environment. #entraid #conditionalaccess

labs.jumpsec.com/tokensmith-b...

02.01.2025 14:19 πŸ‘ 6 πŸ” 1 πŸ’¬ 2 πŸ“Œ 0

Mostly to study security related topics. But the F1 is a good idea that I did not really have on my radar. thanks.

24.12.2024 09:10 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Fellow non-MSP #Entra security bubble! Without a dev tenant, I’m curiousβ€”how do you set up your personal Azure security test environments? What licenses do you useβ€”Microsoft E5, Business Premium + EMS E5, or a mix? How many licenses for effective testing? Would love to hear your approach on this.

23.12.2024 14:55 πŸ‘ 1 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0
Preview
Announcing a free GitHub Copilot for VS Code Announcing a free plan for GitHub Copilot in Visual Studio Code.

Announcing GitHub Copilot Free!

We're excited to announce an all new free plan for GitHub Copilot, available for everyone today in VS Code.

No trial. No subscription. No credit card required.

Learn more at the link below πŸ‘‡

aka.ms/copilot-free

19.12.2024 08:48 πŸ‘ 6 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Objective-See: Tools Free, open-source tools to protect your Mac

Never had such a case but I would start here:
objective-see.org/tools.html

08.12.2024 10:56 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Same…

03.12.2024 05:11 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

fortunately it is only very, very annoying. I did nothing in that tenant that was only in there. Still... a little not would have been helpful to plan better.

02.12.2024 21:41 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

"Your Microsoft 365 E5 developer subscription is for development purposes only and can be revoked if you use it for purposes other than development."...

yeah. sorry. Only want to learn your products and skill up. πŸ™„

02.12.2024 21:25 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

The tenant was still working last week. Was testing something tgere.. At least a little heads-up and a tiny warning would have been nice.

So out of nothing my whole test environment is gone and if I am correct at the moment there is no other way than paying a tenant with all licenses, correct?

02.12.2024 21:03 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Is there any other way we non MSP people can try things out in a test environment and keep our skills up to date without spending several hundred dollars on licenses?

Really annoyed right now.

02.12.2024 20:45 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Post image

Great. My Azure developer tenant, which was working just fine a few weeks ago, apparently expired end of october.

No mail, no warning, nothing. All licenses, roles gone.

I often used this to test security-relevant features, as this was the easiest way for testing as enduser.

02.12.2024 20:45 πŸ‘ 2 πŸ” 0 πŸ’¬ 2 πŸ“Œ 1
Preview
GitHub - 0x90n/InfoSec-Black-Friday: All the deals for InfoSec related software/tools this Black Friday All the deals for InfoSec related software/tools this Black Friday - 0x90n/InfoSec-Black-Friday

For the few people who maybe missed the list:

github.com/0x90n/InfoSe...

28.11.2024 20:19 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
KustoCon 2024 - YouTube

The recordings from KustoCon 2024 are now available on Youtube!

www.youtube.com/playlist?lis...

#kql

26.11.2024 19:56 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

It is on us to make this space useful. The community has always been faster than MSFT365Status and with all MS people coming over to bluesky I am confident that you already can recommend bluesky as a good addition. :)

25.11.2024 19:19 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
GitHub - stevendborrelli/bluesky-tech-starter-packs: A list of tech-related Bluesky starter packs A list of tech-related Bluesky starter packs. Contribute to stevendborrelli/bluesky-tech-starter-packs development by creating an account on GitHub.

have a look at starter packs
github.com/stevendborre...

23.11.2024 20:24 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0