This post documents the process to create and test a new attack technique for Stratus Red Team, a threat emulation tool built in Terraform and Go. Introduction I recently had the opportunity to co...

Quick notes on Terraform + Entra ID. On quickly building labs I recently needed a quick Entra ID test environment to better understand groups, role assignments, and administrative units. Several g...

I recently published an article on Datadog Security Labs. This article is about how Entra ID’s restricted management and hidden membership administrative units (AUs) can be used for privileged pers...

Learning from Wiz’s EKS Cluster Games in AWS. Last November, the Wiz team released the EKS Cluster Games for practice attacking Amazon Elastic Kubernetes Service (EKS) environments. I had a blast ...

Creativity fuels us: End-of-year reflections. The Talk In October, I had 5 minutes to address the end-of-day crowd at BSides Toronto during a spontaneous Lightning Talks session. I love Lightning...

Learning from Wiz’s Big IAM Challenge in AWS. In the leadup to fwd:cloudsec last month, the Wiz team released The Big IAM Challenge. While I didn’t have time to work on this CTF ahead of the confe...

This post is a part of the “Career Fundamentals” series. How to become comfortable & confident with self-guided projects and learning. Why Learn Hands On? These days, it feels like there...

On burnout, balance, and choosing a focus. “What do you want?” The best coaching question I’ve ever received was at the moment I least expected it, four years ago. I was tired, overwhelmed with a...

This post is a part of the “Career Fundamentals” series. How to learn new practical skills on the job with confidence. Ever since it was published, I can’t stop sharing Azeria’s blog post, “T...