Technical Writing
Tech Blog
Cloud security, identity, infrastructure, and research. Deep dives, tools, and practical guidance.
From Clawdbot to GAINet: When Agent Experiments Outrun Accountability
From Clawdbot to GAINet: When Agent Experiments Outrun Accountability This post didn’t start as a philosophical musing about AI. It started with a very practical, very familiar security reaction: “Why on earth is this …
Allowing ARM for Dev Box: When Portals Impersonate Users (and How to Avoid It)
Microsoft recommends allowing the Azure Service Management API from BYOD to enable Dev Box access. That guidance quietly expands the blast radius far beyond Dev Box itself. This post walks through why that happens, what’s really going on at runtime, and an undocumented deep-link that avoids the problem entirely.
OID-See v1.0.1: Small Release, Sharper Edges
OID-See v1.0.1 tightens scoring logic, improves accuracy around app role assignments, ownership, and deception signals, and lays the groundwork for more trustworthy Entra ID app risk analysis.
Allow One, Allow All: When Conditional Access Loses the Plot
Conditional Access is often treated as a fine-grained policy engine, but recent platform design choices show that many modern Microsoft workloads collapse behind shared identities and brokers. When Dev Box, AVD, and Windows 365 all authenticate through the same app, ‘allow one’ can quietly become ‘allow all’.
OID-See: Giving Your OAuth Apps the Side-Eye
OID-See or BloodHound for OAuth in Entra: mapping consent, scopes, assignments, and trust signals into a graph so you can spot impersonation risk and OAuth sprawl.
Silent Drip: When Sync Becomes a Slow Leak
An investigation into plaintext persistence and invisible data propagation through Microsoft Edge Drop.