Xavier Ashe Nov 16
Wow, what a wonderful day at @bsidesatl ! They put on a great conference and I was honored to have been part of it. I held a privacy workshop and gave a #fedvierse talk. I just posted the worksheets from the workshop and the presentation from the talk over on the #BSidesAtl Discord: https://bit.ly/bsidesatl-discord
HamishthepiperNov 11

Excited to be putting the finishing screenshots in my #bsidesatl presentation about some new security controls that #AzureEntraID has made available around App Consent and Workload Identity protection. #entraid #Microsoft365 #cloudsecurity @bsidesatl

https://pretalx.com/bsidesatl-2025/talk/review/DMYAZJ83ZMUH8XWWPTTSBTKUYGDUHBJL

New Locks, Old Keys: Evaluating Microsoft’s Latest Controls Against Service Principal Abuse BSides Atlanta 2025

Abuse of Service Principals in EntraID has been a longstanding favorite of APT groups. In recent years, that knowledge has trickled down to eCrime actors and is leveraged for ransomware and extortion. Microsoft has introduced two (and a half) new security controls to address this in 2025. Each has its pros and cons, but as with any security control an understanding of the risk it mitigates is crucial to balance the tradeoffs against potential business disruption. In this talk, we'll go over three scenarios in which Service Principals are abused and which controls would be relevant to address this risk. We'll also explore how to perform your own testing to evaluate whether the controls you configure are functioning as expected.

DFIR NotesOct 25, 2024
Updated the blog to link slides PDF and source for "How Not to Have A Bad Time with Risky Data" B-Sides Atlanta 2024. Talk was not recorded. https://www.dfirnotes.net/hownot_links/ #BSides #BSidesAtl
How Not talk links

How Not… talk: slides and links Herein are some books, articles, and people that we read, skimmed, or thought fondly of while preparing the “How Not to Have a Bad Time with Risky Data” talk seen at B-Sides Atlanta 2024

mcdwayneOct 23, 2023
I had a great time and so many awesome conversations at #BsidesATL earlier this month. I wish I could have covered every single element, but I did my best to capture the spirit of the event. I hope you get something from it too 😄
https://blog.gitguardian.com/bsides-atlanta-2023/
Connecting with the community at BSides Atlanta 2023

Dive into BSides Atlanta 2023, the largest free security event in the South! Explore insights from top security professionals on Web3.0, cloud vulnerabilities, and more.

GitGuardian Blog - Automated Secrets Detection
mcdwayneOct 14, 2023

"Where to Start? Start at the End...Point"

From Belinda Mobley

At #bsidesatl

mcdwayneOct 14, 2023
"Improving Incident Response or is it Incident Management."
from Reggie T Davis
at #bsidesatl
mcdwayneOct 14, 2023
"Stupid Log Tricks"
from Matt Carothers
at #bsidesatl
@bsidesatl
mcdwayneOct 14, 2023

"CMMC Who? The Basics of New DoD Cybersecurity Compliance"
from Chris Silvers
at #bsidesatl

@bsidesatl

mcdwayneOct 14, 2023

Cloud vulns and keys and breaches - Oh My!
Jackson Reid
@earnivore

#bsidesatl

mcdwayneOct 14, 2023
"Unchained: Unraveling the Unconventional Security Threats in Web3"
from @kammerdiener at #bsidesatl