Bene

@m0lto_bene

Followers: 14
Following: 133
Statuses: 60

Red Team Operator at @nsideattack. Focus mostly on Malware Dev, Windows, AD, Entra ID and Azure

Munich
Joined April 2020
@m0lto_bene
Bene
4 months
I've found an unobtrusive way to run code or persist on Azure Arc machines (and virtual machines too, but with more permissions/requirements there). It requires a “new” permission/role to watch out for when landing on an Azure account.
@m0lto_bene
Bene
14 hours
RT @kfosaaen: Quick addition to Get-AzPasswords in MicroBurst - Azure OpenAI keys This new section will dump any available OpenAI keys fro…
@m0lto_bene
Bene
13 days
RT @splinter_code: Very interesting post by Microsoft about the internals of the new Admin Protection feature It seems they have patched my…
@m0lto_bene
Bene
13 days
RT @OtterHacker: If the first thing you do when you compromise a MSSQL server is to check for xp_cmdshell, you might want to read this...…
@m0lto_bene
Bene
13 days
RT @endi24: Changes to SMB Signing Enforcement Defaults in Windows 24H2 | DSInternals
@m0lto_bene
Bene
1 month
RT @slowerzs: Ever wondered how CryptProtectMemory with the CRYPTPROTECTMEMORY_SAME_PROCESS flag worked, or if encrypted blobs could be dec…
@m0lto_bene
Bene
1 month
RT @michael_eder_: NFS has not received much attention of the offensive security community in nearly a decade. Today, we are happy to share…
@m0lto_bene
Bene
2 months
RT @gynvael: Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bo…
@m0lto_bene
Bene
2 months
RT @_dirkjan: Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID…
@m0lto_bene
Bene
2 months
RT @orange_8361: Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pr…
@m0lto_bene
Bene
2 months
RT @eliran_nissan: I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to up…
@m0lto_bene
Bene
2 months
RT @rad9800: As well as the BootExecute key under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, any of the following work to launc…
@m0lto_bene
Bene
2 months
RT @0x64616e: How to WebDAV Relay LPE on Windows 11: 1-3. Trigger start of EFS service through Explorer 4-11. Continue like on Windows 10 Th…
@m0lto_bene
Bene
3 months
RT @yudasm_: Excited to share a tool I've been working on - ShadowHound. ShadowHound is a PowerShell alternative to SharpHound for Active D…
@m0lto_bene
Bene
3 months
RT @tr1ana: I'm thrilled to announce a new release of #Monkey365! This new release contains a lot of improvements and fixes. For example ne…
@m0lto_bene
Bene
3 months
@PedroGabaldon Sounds good to me 👍
@m0lto_bene
Bene
4 months
@PedroGabaldon Yes, the scope contains several Graph permissions - I've used this quite often to enumerate tenants, and the only permissions that I've missed were for PIM eligibility and authorization policies
@m0lto_bene
Bene
4 months
@PedroGabaldon I just tried it with most restricted user consent, and it works without any consent prompt.
@m0lto_bene
Bene
4 months
RT @Bandrel: I did not approve of the timing of this release but here it is. Blog coming soon.