tl;dr: This post documents requirements for logging the CopilotInteraction event, as well as some caveats of when it isn’t logged. This event is key for Copilot audit trails. An App Insights altern...

I recently presented “Persisting Unseen: Attacker Methods of Infesting Entra ID” at RSAC’s virtual Cloud Security seminar. This session introduced some methods attackers may use now or in the near ...

The Azure Resource Graph Explorer is a great way to quickly understand your Azure netework exposure. Simple KQL queries let you review all your resources at once, free of charge! More complex joins...

This post documents the process to create and test a new attack technique for Stratus Red Team, a threat emulation tool built in Terraform and Go. Introduction I recently had the opportunity to co...

Quick notes on Terraform + Entra ID. On quickly building labs I recently needed a quick Entra ID test environment to better understand groups, role assignments, and administrative units. Several g...

Learning from Wiz’s EKS Cluster Games in AWS. Last November, the Wiz team released the EKS Cluster Games for practice attacking Amazon Elastic Kubernetes Service (EKS) environments. I had a blast ...

Creativity fuels us: End-of-year reflections. The Talk In October, I had 5 minutes to address the end-of-day crowd at BSides Toronto during a spontaneous Lightning Talks session. I love Lightning...

Learning from Wiz’s Big IAM Challenge in AWS. In the leadup to fwd:cloudsec last month, the Wiz team released The Big IAM Challenge. While I didn’t have time to work on this CTF ahead of the confe...

This post is a part of the “Career Fundamentals” series. How to become comfortable & confident with self-guided projects and learning. Why Learn Hands On? These days, it feels like there...

On burnout, balance, and choosing a focus. “What do you want?” The best coaching question I’ve ever received was at the moment I least expected it, four years ago. I was tired, overwhelmed with a...