Hero image generated by ChatGPT

This is a personal blog. All opinions are my own - not my employer’s.

Earlier this year, I published OuttaTune – a deep dive into how Conditional Access (CA) depends on device-sourced metadata and the risks of trusting values that endpoints themselves can …

Hero image generated by ChatGPT

This is a personal blog. All opinions are my own - not my employer’s.

Introduction

This is a follow-up to my original post detailing a security flaw in Microsoft Intune’s Conditional Access (CA) filtering that allows local admin attackers to bypass CA policies by …

This is a personal blog and all content herein is my personal opinion and not that of my employer.

Introduction

After I shared the last post on Security Amnesia, a friend replied with a story that hit home:

“When I was younger, me and my sister typed up CAA exam papers for commercial …

This is a personal blog and all content herein is my personal opinion and not that of my employer.

Introduction

We spend millions securing systems and training people – and yet we still fall for the same attacks. Phishing, reusing passwords, skipping MFA. Why?

This post isn’t about flaws in …

Hero Image generated by ChatGPT

This is a personal blog and all content therein is my personal opinion and not that of my employer.

Introduction

This post details a security weakness in Microsoft Intune’s Conditional Access (CA) filtering, which allows attackers with local admin privileges to …

Hero Image generated by ChatGPT

This is a personal blog and all content therein is my personal opinion and not that of my employer.

Introduction

In this post, I’m going to talk about an issue I spotted recently within Microsoft Azure.

In my last post I talked about the VaultRecon issue …