Self-Hosting Umami on Netlify + Azure

Prisma fights, pgcrypto drama, CSP facepalms, cold starts… and assumptions with teeth

TL;DR

I set out to self-host Umami analytics for this website using:

• Netlify (Next.js runtime - I already host my site here so it made sense to me!)
• Azure PostgreSQL Flexible …

Hero image generated by ChatGPT This is a personal blog and all content herein is my own opinion and not that of my employer.

What The Entra Fudge?!

There’s a particular flavour of frustration that only appears when:

• you follow the documentation,
• you apply least privilege,
• you design sensible …

Hero image generated by ChatGPT

This is a personal blog and all content herein is my own opinion and not that of my employer.

What The Entra Fudge?!

There’s a moment every identity or cloud security practitioner eventually hits.

The moment where you do everything right — follow the …

ISDF (Intune Stateful Device Fingerprinting) is an open-source project that closes a specific blindspot in Conditional Access: the fact that device-reported attributes can be locally manipulated.

The problem it solves

Conditional Access is only as strong as the signals it consumes. If a device can …

This is a personal blog and all content herein is my personal opinion and not that of my employer.

Introduction

I recently had the privilege of attending the OFFENSIVE ENTRA ID AND HYBRID AD SECURITY workshop run by the brilliant Dirk-jan Mollema - author of offensive security tools ROADtools, …

Az-Skywalker is a security research project and toolset that exposes control plane isolation flaws in Microsoft Azure — particularly in Key Vault, Logic Apps, and other iPaaS services.

Research included

VaultRecon

Demonstrates how Microsoft’s intended isolation between the Key Vault control …