Self-Hosting Umami on Netlify + Azure Prisma fights, pgcrypto drama, CSP facepalms, cold starts… and assumptions with teeth TL;DR I set out to self-host Umami analytics for this website using: Netlify (Next.js runtime - I already host my site here so it made sense to me!) Azure PostgreSQL Flexible …

Hero image generated by ChatGPT This is a personal blog and all content herein is my own opinion and not that of my employer. What The Entra Fudge?! There’s a particular flavour of frustration that only appears when: you follow the documentation, you apply least privilege, you design sensible …

Hero image generated by ChatGPT This is a personal blog and all content herein is my own opinion and not that of my employer. What The Entra Fudge?! There’s a moment every identity or cloud security practitioner eventually hits. The moment where you do everything right — follow the documentation, …

ISDF (Intune Stateful Device Fingerprinting) is an open-source project that closes a specific blindspot in Conditional Access: the fact that device-reported attributes can be locally manipulated. The problem it solves Conditional Access is only as strong as the signals it consumes. If a device can …

This is a personal blog and all content herein is my personal opinion and not that of my employer. Introduction I recently had the privilege of attending the OFFENSIVE ENTRA ID AND HYBRID AD SECURITY workshop run by the brilliant Dirk-jan Mollema - author of offensive security tools ROADtools, …

Az-Skywalker is a security research project and toolset that exposes control plane isolation flaws in Microsoft Azure — particularly in Key Vault, Logic Apps, and other iPaaS services. Research included VaultRecon Demonstrates how Microsoft’s intended isolation between the Key Vault control …