| Blog | https://chris-brumm.medium.com |
| https://www.linkedin.com/in/christopherbrumm/ |
Recommendation of the day: Know your editor! (VSCode edition)
https://youtube.com/playlist?list=PLj6YeMhvp2S5UgiQnBfvD7XgOMKs3O_G6
Very interesting!
Game of Thrones in cybersecurity: data gravity, industry consolidation, platform play, private equity, and the great cyber gold rush
https://ventureinsecurity.net/p/game-of-thrones-in-cybersecurity
One of my longest and most comprehensive deep dives into the future of cybersecurity to date. This piece attempts to define the industry outlook for the next 5-10 years.
New blog post out: Passwordless Persistence and Privilege Escalation in Azure.
Link: https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f
In this blog post I explain how new passwordless authentication mechanisms like Azure's Certificate Based Authentication can be subverted by adversaries to establish long-term stealthy persistence, and explain a built-in privilege escalation primitive that exists in CBA.
New blog post: "Securing privileged user access with #AzureAD #ConditionalAccess and #IdentityGovernance"
Overview and considerations to enforce security controls for using #PAW, strong authentication and manage access for privileged roles based on tiering levels.
https://www.cloud-architekt.net/securing-privileged-access-conditionalaccess-governance/
Conditional Access and Entitlement Management plays an essential role to apply Zero Trust principles of “Verify explicitly“ and “Use least-privilege access“ to Privileged Identity and Access. In this article, I like to describe, how this features can be use to secure access to privileged interfaces and how to assign privileged access by considering Identity Governance policies.
Had some busy days. The CISSP exam was really tough - but I did it 🎂
Now I'm full focused on XMas with little distractions to Administrative Access concepts.
@thomasnaunheim has built some mind-blowing stuff (watch out for his blog) and I have to learn about Entra Permission Management for a customer POC.
Exciting Days 🍍
Are you working with #Microsoft technology and ever wondered how to become an MVP?
Then watch the Microsoft 365 Defender MVP special of the Ninja Show next Wednesday, 21.12.2022 17:00 UTC
@[email protected] and I are among the guests
I don't have the mental capacity to do a whole lot of socialing across all the different sites these days, so here's a list of greatest hits.
https://syfuhs.net/what-happens-when-you-type-your-password-into-windows
Tomorrow I will try to understand the e-discovery reference model (EDRM). 🤯
Here is the M365 version: https://learn.microsoft.com/en-us/microsoft-365/compliance/overview-ediscovery-20?view=o365-worldwide#ediscovery-premium-alignment-with-the-electronic-discovery-reference-model
Learn about the eDiscovery (Premium) solution in Microsoft Purview. This article provides an overview of eDiscovery (Premium) in Microsoft Purview, a tool to help you manage internal and external investigations. It also frames the business reasons for using eDiscovery (Premium) to manage your legal investigations.
Captain's log ⛵🥷
Today I've learned about some #infosec topics:
1. the SCAP protocol: https://en.m.wikipedia.org/wiki/Security_Content_Automation_Protocol
2. Cross-site tracing: https://owasp.org/www-community/attacks/Cross_Site_Tracing
3. and (again) ACID 😵💫: https://www.geeksforgeeks.org/acid-properties-in-dbms/
Andy Robbins
Thomas Naunheim 
Fabian Bader
Steve Syfuhs