🔒 Exciting Insights from the Belgian Microsoft Cloud & Security Community Event! 🔍

Had an incredible time at the recent Belgian Microsoft Cloud & Security Community Event, and I’m thrilled to share highlights from the event in my latest video! 🌐 Organizer Spotlight: Michael Van Horenbeeck Michael provided invaluable insights into what makes the community thrive and the incredible impact it has on fostering collaboration in the Microsoft […]

🔒 Unveiling My Journey: From Finding XSS Vulnerability to Submitting it to Microsoft 🔒

🔒 Unveiling My Journey: From Finding XSS Vulnerability to Earning Bounties at Microsoft 🔒 In December 2022, I stumbled upon an XSS (Cross-Site Scripting) vulnerability on security.microsoft.com, and today, I’m thrilled to share my incredible journey with you! After many months of anticipation, I can finally disclose the details of how I discovered and successfully […]

Vlaanderen.be your SPF is a phishing problem!

A massive phishing campaign is targeting vlaanderen.be, impersonating their domain. It is common for phishing campaigns to impersonate government domains. However, during my investigation, I observed that the attackers were sending phishing emails from an IP address that was listed in the SPF record of vlaanderen.be. This video showcases the steps taken during the investigation […]

Attack surface reduction: the zero day killer

Whether you are a beginner or an experienced practitioner in the field of ASR, this video is sure to provide you with valuable knowledge and insights. So sit back, relax, and enjoy this video about Attack Surface Reduction rules Links ASR references: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide Palantir’s blog: https://blog.palantir.com/microsoft-defender-attack-surface-reduction-recommendations-a5c7d41c3cf8 LSASS Twitter question: https://twitter.com/LouisMastelinck/status/1643652827493937152 Chapters –Chapters–0:00 intro 1:18 1. […]

Insider Threat: Malicious admin reading your emails!

Email privacy is a very sensitive subject. Permissions to inboxes are heavily managed and it’s a very bad idea to give yourself as an IT Admin permissions to a mailbox of an end-user. There are multiple options to get access to the content of a mailbox, but some are more stealthy than others. In this […]

Force usage of FIDO2 key when elevating your priviliges

In this video, we go over the strengths of a FIDO 2 and how we can use “authentication context” in a conditional access policy to require FIDO2 as an MFA method. If you want to secure your precious accounts with an extra security layer, this video might spark your interest. We are configuring that an […]