Browserless Entra Device Code Flow

Zugspitze, Bavaria, Germany. Photo by Andrew Chiles. Did you know that it is possible to perform every step in Entra’s OAuth 2.0 Device Code flow — including the user authentication steps — without a browser? Why that matters: Automating authentication flows enables ...
Final Steps to BloodHound Federal — FedRAMP High Compliance

Ever since SpecterOps first launched BloodHound Enterprise (BHE) in July 2021, one of our team’s biggest frustrations involved a lack of FedRAMP qualifications, which prevented us ...
The Most Dangerous Entra Role You’ve (Probably) Never Heard Of

Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin, but this role is hidden from view in the Azure portal GUI. Why it matters: An adversary may target the ...
Andy Robbins (RedZone) - Azure Backdoors: How to Hide Them, How to Find Them - Ekoparty 2022

Directory.ReadWrite.All Is Not As Powerful As You Might Think

Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the Global Admin Entra ID role. Why it matters: Azure admins and security professionals may put ...
Microsoft Breach: What Happened? What Should Azure Admins Do?

Microsoft Breach — How Can I See This In BloodHound?

Summary: On January 25, 2024, Microsoft announced Russia’s foreign intelligence service (i.e., Sluzhba vneshney razvedki Rossiyskoy Federatsii [SVR]) breached their corporate Entra ID environment. We reviewed the ...
Microsoft Breach — What Happened? What Should Azure Admins Do?

On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands of “Midnight Blizzard”. In this blog post, I will ...
Why Azure B2C ROPC Custom Flows Are Inherently Insecure

Microsoft’s Azure Active Directory B2C service allows cloud administrators to define custom policies, which orchestrate trust between principals using standard authentication protocols. One such custom policy that B2C defines by default is ...
Why Hiring Azure Developers is Important for the Healthcare Industry?

As healthcare organizations throughout the world implement digital transformations to enhance their services, Azure developers are essential to this technological revolution. Because of Microsoft Azure’s strong cloud computing capabilities, creative solutions customized ...