your SPF is a phishing problem!

A massive phishing campaign is targeting, impersonating their domain. It is common for phishing campaigns to impersonate government domains. However, during my investigation, I observed that the attackers were sending phishing emails from an IP address that was listed in the SPF record of This video showcases the steps taken during the investigation […]

Attack surface reduction: the zero day killer

Whether you are a beginner or an experienced practitioner in the field of ASR, this video is sure to provide you with valuable knowledge and insights. So sit back, relax, and enjoy this video about Attack Surface Reduction rules Links ASR references: Palantir’s blog: LSASS Twitter question: Chapters –Chapters–0:00 intro 1:18 1. […]

Insider Threat: Malicious admin reading your emails!

Email privacy is a very sensitive subject. Permissions to inboxes are heavily managed and it’s a very bad idea to give yourself as an IT Admin permissions to a mailbox of an end-user. There are multiple options to get access to the content of a mailbox, but some are more stealthy than others. In this […]

Force usage of FIDO2 key when elevating your priviliges

In this video, we go over the strengths of a FIDO 2 and how we can use “authentication context” in a conditional access policy to require FIDO2 as an MFA method. If you want to secure your precious accounts with an extra security layer, this video might spark your interest. We are configuring that an […] does not register to Azure AD

I was preparing a video about not-phish able authentication methods and I wanted to register my ATKey.Pro FIDO (type C) to my authentication methods. At the end of my registration flow I was confronted with this pop-up. Azure AD audit logs The error message gives the indication more info can be found in Azure AD. […]

Detect security policy changes

Who changed my security baseline? Configuring your tenant with correct security policies that match the needs of your company or customer takes time and effort. But once everything is in place you can sleep on both ears… right? Unless other admins change the security baseline behind your back. This isn’t necessarily with bad intentions. Security […]

Microsoft Attack Simulator: The GOOD, the BAD & the BUGS

I have done a deep dive into Microsoft’s Attack Simulator and want to share my 2 cent’s about my experience. I will be showing tips, explaining different attack methods, easily creating custom payloads, explaining features, discovering a BUG, and much more! Chapters 0:00 – Intro: attack simulator 0:33 – Licensing 0:46 – Where can I […]