When Microsoft first disclosed the January Midnight Blizzard attack and posted their subsequent deeper analysis I followed the resulting content with great interest – risks posed by Enterprise Applications are a topic near and dear to me. I will try to keep this article standalone, but it might be a good idea to skim the... » read more
This article is the practical part of the Theory – for the answer to the question "What’s the purpose of all this?", please refer to that Article. To ensure I’m not seen as someone who says "someone should" and then does nothing, here follows a (by my standards) "quick" proof of concept on how password... » read more
Raising the Curtain There are some things that regularly bother me – for example, I often wonder how all the Entra ID API rights demanded by applications are justified. I have spent quite some time with the Privileged Access Management piece – but let’s not get ahead of ourselves, first let’s get to know our... » read more