Technical Writing
Tech Blog
Cloud security, identity, infrastructure, and research. Deep dives, tools, and practical guidance.
InsomniHack & Entra Hybrid - Attack & Defence Mind Map : It's easier to attack than you think
Entra and Entra Hybrid has a huge attack surface and you're likely not even remotely aware of how easy it is to attack undetected.
SilentReaper: Undetectable Azure Control Plane Data Harvest
Exposing how control plane exploits in Microsoft’s iPaaS services enable silent data harvesting from workflows and secrets.
VaultRecon: An Azure Control Plane/Data Plane Isolation Flaw
How Microsoft's Isolation of Control Plane and Data Plane for Key Vault is flawed
All You Need Is Read! Announcing 2x Cloud Service Provider Information Disclosure Vulnerabilities!
Less than 24 hours until my YouTube Livestream where I’m publicly disclosing my security research on two public cloud vulnerabilities that the vendor says aren’t vulnerabilities! Come join me on Wednesday at 19:00 GMT …
Announcing 2x Cloud Service Provider Information Disclosure Vulnerabilities!
Less than 72 hours until my YouTube Livestream where I’m publicly disclosing my security research on two public cloud vulnerabilities that the vendor says aren’t vulnerabilities! Come join me on Wednesday at 19:00 GMT …
“XSS and CirriusTech? Oh My!”
Introduction In this post, I’m going to talk about a recent experience having a vulnerability in this website reported to me, the whole experience and how I dealt with it. What Happened? On 29th January 2025 @ …