-
Troopers 2025 thoughts – Part 1
I missed Troopers25 this year, so the moment the recordings appeared on YouTube I basically stopped everything and hit play. Three talks immediately grabbed me: solving problems I had, teaching me new tricks, and reminding me why Entra research is so fun. Here’s my breakdown of them.
-
I just wanted to see what SSSO looks like
A hands-on look at Azure Seamless SSO – what it is, how it works under the hood, and why the AZUREADSSOACC account deserves your attention. No new attack, just curiosity and packet captures.
-
What No One Tells You About Non-Interactive Logs
Non-interactive logs aren’t just for token refreshes. You can find a brute-force attack hiding in one.
-
Exploring dsreg Part 1
In this post, I dive into how the UpdateDevice function of dsregcmd works behind the scenes. From playing with registry values, tracing API calls in WinDbg, and intercepting requests with Burp, I explore how device attributes in Entra are managed—and what we can (and can’t) change. Along the way, I share some fun findings, a…
-
Playing Around with Entra APIs
Just a small experiment to see what shows up (and what doesn’t) in Entra logs when using undocumented APIs. I poked around some lesser-known endpoints, checked how they interact with GraphActivityLog, and tried to understand where things might leave a trace. Nothing groundbreaking—just a fun research session with some interesting findings! :)
-
Entra Sign-In logs hidden gems
This short post is here to raise awareness about some super useful fields in the sign-in logs. We all know how essential these logs are—if you want to get things done in the cloud, it usually starts with a user :) and that means a sign-in!