@dirkjanm.io@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
Dirk-jan's personal blog, mostly containing research on topics I find interesting, such as (Azure) Active Directory internals, protocols and vulnerabilities.
Site URL: dirkjanm.io/
Feed URL: dirkjanm.io/feed.xml
Posts: 3
Followers: 1
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
Published: September 17, 2025 13:00
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably…
Extending AD CS attack surface to the cloud with Intune certificates
https://dirkjanm.io/extending-ad-cs-attack-surface-intune-certs/
Published: July 30, 2025 14:00
Active Directory Certificate Services (AD CS) attack surface is pretty well explored in Active Directory itself, with *checks notes* already 16 “ESC” attacks being publicly described. Hybrid certificate attack paths have not gained that much attention yet,…
Persisting on Entra ID applications and User Managed Identities with Federated Credentials
https://dirkjanm.io/persisting-with-federated-credentials-entra-apps-managed-identities/
Published: July 31, 2024 18:00
Using applications and service principals for persistence and privilege escalation is a well-known topic in Entra ID (Azure AD). I’ve written about these kind of attacks many years ago, and talked about how we can use certificates and application passwords…