OID-See v1.0.1 is out 🎉

This is a precision release.

No shiny new dashboards.
No dramatic architectural upheaval.
Just tighter logic, fewer false positives, and a scoring model that better reflects how Entra actually behaves in the real world.

If you’re already using OID-See, this release should …

OID-See is a security analysis tool for Microsoft Entra ID (Azure Active Directory) that maps OAuth application consent, permissions, service principal assignments, and trust signals into a queryable graph — giving defenders a BloodHound-style view of OAuth sprawl and impersonation risk.

What it …

Hero image generated by ChatGPT

This is a personal blog and all content herein is my own opinion and not that of my employer.

Correction

When I initially done this work and posted this blog, my mental model was that lack of ownership was a bad thing. My failing was in seeing ownership as …

Hero image generated by ChatGPT

This is a personal blog. All opinions are my own - not my employer’s.

Earlier this year, I published OuttaTune – a deep dive into how Conditional Access (CA) depends on device-sourced metadata and the risks of trusting values that endpoints themselves can …

ISDF (Intune Stateful Device Fingerprinting) is an open-source project that closes a specific blindspot in Conditional Access: the fact that device-reported attributes can be locally manipulated.

The problem it solves

Conditional Access is only as strong as the signals it consumes. If a device can …

This is a personal blog and all content herein is my personal opinion and not that of my employer.

Introduction

I recently had the privilege of attending the OFFENSIVE ENTRA ID AND HYBRID AD SECURITY workshop run by the brilliant Dirk-jan Mollema - author of offensive security tools ROADtools, …