# ![@IAMERICAbooted Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1900149365475364864.png) @IAMERICAbooted EZ

EZ posts on X about microsoft, if you, entra, ai the most. They currently have [-----] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

### Engagements: [-----] [#](/creator/twitter::1900149365475364864/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:interactions.svg)

- [--] Week [------] +50%
- [--] Month [-------] +10,651%
- [--] Months [---------] +142%

### Mentions: [--] [#](/creator/twitter::1900149365475364864/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:posts_active.svg)

- [--] Week [--] -27%
- [--] Month [---] +1,388%
- [--] Months [---] +94%

### Followers: [-----] [#](/creator/twitter::1900149365475364864/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:followers.svg)

- [--] Week [-----] +1.90%
- [--] Month [-----] +1.70%
- [--] Months [-----] +76%

### CreatorRank: [-------] [#](/creator/twitter::1900149365475364864/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  17.36% [stocks](/list/stocks)  13.22% [finance](/list/finance)  4.96% [social networks](/list/social-networks)  1.65% [countries](/list/countries)  0.83% [cryptocurrencies](/list/cryptocurrencies)  0.83%

**Social topic influence**
[microsoft](/topic/microsoft) 12.4%, [if you](/topic/if-you) 11.57%, [entra](/topic/entra) 8.26%, [ai](/topic/ai) 7.44%, [cloud](/topic/cloud) 7.44%, [this is](/topic/this-is) 6.61%, [all the](/topic/all-the) 5.79%, [stuff](/topic/stuff) 4.96%, [in the](/topic/in-the) 4.96%, [to the](/topic/to-the) 4.13%

**Top accounts mentioned or mentioned by**
[@uk_daniel_card](/creator/undefined) [@cjk365](/creator/undefined) [@nathanmcnulty](/creator/undefined) [@mwheatfill](/creator/undefined) [@merill](/creator/undefined) [@ukdanielcard](/creator/undefined) [@zaabit](/creator/undefined) [@pwnedlabs](/creator/undefined) [@cybersecaj](/creator/undefined) [@l33th4xcyber](/creator/undefined) [@mathematicaken](/creator/undefined) [@cisodiagonal](/creator/undefined) [@minkeymagik](/creator/undefined) [@techspence](/creator/undefined) [@lo_kto](/creator/undefined) [@mikedeyinka](/creator/undefined) [@ericonidentity](/creator/undefined) [@ferlop84](/creator/undefined) [@timinbrum](/creator/undefined) [@dirkjan](/creator/undefined)

**Top assets mentioned**
[Microsoft Corp. (MSFT)](/topic/microsoft) [Zscaler Inc (ZS)](/topic/$zs)
### Top Social Posts
Top posts by engagements in the last [--] hours

"This is an absolute basic for regulated orgs. I tell people a lot: if you don't want to listen to me fine. Listen to Mandiant. https://cloud.google.com/blog/topics/threat-intelligence/defense-against-shinyhunters-cybercrime-saas https://cloud.google.com/blog/topics/threat-intelligence/defense-against-shinyhunters-cybercrime-saas"  
[X Link](https://x.com/IAMERICAbooted/status/2022118040637509793)  2026-02-13T01:18Z [----] followers, [----] engagements


"Do you know how many times Ive seen WDAC enabled in an org Absolutely Zero Friends dont let friends do WDAC. Friends let foes do WDAC so the foes head is on the chopping block :p PS: cyberark epm is an abstraction of wdac :p"  
[X Link](https://x.com/IAMERICAbooted/status/2017597580440416592)  2026-01-31T13:55Z [----] followers, [----] engagements


".@ericonidentity brought up a good point in his talk. FIDO2/Webauthn downgrades are not a problem with the protocols. Its a problem with the configurations within you IdP whether it be Entra Okta DUO RSA whatever. In a downgrade attack most orgs have fallback methods in case problems happen or there are use cases for apps that are unsupported. In Entra for 2xample if you dont use authentication strength requirements for FIDO2/Webauthn and your Microsoft Authenticator is included it the authentication strengths config but it's not co figured to require passkeys and not allow number match push"  
[X Link](https://x.com/IAMERICAbooted/status/2017625812636160319)  2026-01-31T15:47Z [----] followers, [----] engagements


"Dear Microsoft Please do a certification called RBAC to Basics. We'll talk about APIs another day"  
[X Link](https://x.com/IAMERICAbooted/status/2018620979661181369)  2026-02-03T09:42Z [----] followers, [----] engagements


"If you ever want to find undocumented stuff in M365 to poke at make the UAL your bestie :p"  
[X Link](https://x.com/IAMERICAbooted/status/2019755057051308447)  2026-02-06T12:48Z [----] followers, [----] engagements


"Eventually attackers are going to figure out social engineering techniques to get admins to give them HAR files :p"  
[X Link](https://x.com/IAMERICAbooted/status/2020179692180095448)  2026-02-07T16:55Z [----] followers, [----] engagements


"@mwheatfill @merill Just make sure you enforce authn strengths in the CAPs otherwise users will still be vulnerable to device code phishing"  
[X Link](https://x.com/IAMERICAbooted/status/2020298131657593315)  2026-02-08T00:46Z [----] followers, [--] engagements


"Yep. I will have to test device code authn again against authn strengths to be sure but I think authn strengths does mitigate it. You can test it with any powershell module with the -usedeviceauthentication flag. If your org doesnt allow any access to tenant resources from unmanaged devices (i.e. email) its less of an issue. It;s best to apply the CAP to block Device Code Authn if possible. Im surprised security gave you pushback with FIDO2/Webauthn rollout. They should be your cheerleader right now @mwheatfill https://twitter.com/i/web/status/2020303925513986177"  
[X Link](https://x.com/IAMERICAbooted/status/2020303925513986177)  2026-02-08T01:09Z [----] followers, [--] engagements


"@UK_Daniel_Card Delete system32 :p"  
[X Link](https://x.com/IAMERICAbooted/status/2020537873598976279)  2026-02-08T16:39Z [----] followers, [--] engagements


"@ferlop_84 @zaab_it It hasn't really improved. It tells me about deprecated stuff all the time"  
[X Link](https://x.com/IAMERICAbooted/status/2020540100535259325)  2026-02-08T16:47Z [----] followers, [--] engagements


"If IT teams knew their tools they'd stip buy overlapping ones :p Know your enemy know your battlefield know your tools. Just by doing that youre a head of 90% of IT/Security teams. Know your enemy know your battlefield know your tools. Just by doing that youre a head of 90% of IT/Security teams"  
[X Link](https://x.com/IAMERICAbooted/status/2020577802471231719)  2026-02-08T19:17Z [----] followers, [----] engagements


"While you are all out there creating cool AI tools I'm working on trying to make them not dump Social Security Numbers ABA Numbers credit card numbers SWIFT Numbers Medical Records crednetials and other personally identifiable information as well as trying to lock down privacy settings across groups Teams SharePoint and exchange. Then I can move on to threat. https://twitter.com/i/web/status/2020591475684249619 https://twitter.com/i/web/status/2020591475684249619"  
[X Link](https://x.com/IAMERICAbooted/status/2020591475684249619)  2026-02-08T20:12Z [----] followers, [----] engagements


"Going to freshen up my offsec skills with @PwnedLabs of anyone wants to join me 😈"  
[X Link](https://x.com/IAMERICAbooted/status/2020651106460934358)  2026-02-09T00:09Z [----] followers, [----] engagements


"Look AI has a lot of problems like every new and existing technology. For those still hard on the AI slop train people are watching and attributing skill level to those opinions lol. IDC if the AI slop train people get left behind 😆 My opinion comes from my experience of working in AI Security right now"  
[X Link](https://x.com/IAMERICAbooted/status/2020853936148676937)  2026-02-09T13:34Z [----] followers, [---] engagements


"@CyberSecAJ @cjk365 Most orgs achieve named locations with their SASE IPs :)"  
[X Link](https://x.com/IAMERICAbooted/status/2020933081759351273)  2026-02-09T18:49Z [----] followers, [--] engagements


"@cjk365 It might not be. I would have to test it. If you are federated withba 3rd party idp you can use zones from azure I think. Thats a tough one. Mayeb @NathanMcNulty knows"  
[X Link](https://x.com/IAMERICAbooted/status/2021038345531555953)  2026-02-10T01:47Z [----] followers, [--] engagements


"See something Say something. Isn't this something we encourage The power of the people comes from saying something. Iranians have had their voices silenced. They are in a life or death situation. Be their voice. If empathy is hard for you imagine your sons and daughters were murdered by your government. Imagine your virgin daughter being raped before being killed. How would you feel Would you be sad Would you be enraged Would you want justice Now imagine you were gagged. You couldn't tell anyone what happened. The people hired to to protect you would kill you if you did. They are gaslighting"  
[X Link](https://x.com/IAMERICAbooted/status/2021216894993240169)  2026-02-10T13:37Z [----] followers, [---] engagements


"@L33tH4xcyber @PwnedLabs I never do the certs. I read the content and do the labs and recreate in my own testing environments so I can test mitigations :)"  
[X Link](https://x.com/IAMERICAbooted/status/2021260068449063208)  2026-02-10T16:28Z [----] followers, [--] engagements


"I wake up every day hoping to see news about Iran leadership falling. Every day I'm disappointed. There is zero forgiveness in my soul for what they did. Every day I think of the constant threat that Israel faces. Adversaries trying to mass murder them every day then claiming victim when Israel defends itself. The cowards that run Hamas taking cover in children's schools and hospitals to avoid being targeted. The world saw the savagery that happened in October that year. Is this who you want as your neighbors People who target innocent unarmed civilians with atrocities Who rape and gut"  
[X Link](https://x.com/IAMERICAbooted/status/2021568626931749370)  2026-02-11T12:54Z [----] followers, [--] engagements


"Why is it that Microsofts own Enterprise bot cannot write a functional KQL query for Advanced Hunting"  
[X Link](https://x.com/IAMERICAbooted/status/2021573875906003443)  2026-02-11T13:15Z [----] followers, [----] engagements


"Maybe it's time for the US to leave the UN 🚨 LTIMA HORA: La Repblica Islmica de Irn ha sido elegida Vicepresidenta de la Comisin de Desarrollo Social de la ONU. Su misin Promover la democracia la igualdad de gnero y la tolerancia. Esto es en serio. No es una broma. https://t.co/UzQb5P25l1 🚨 LTIMA HORA: La Repblica Islmica de Irn ha sido elegida Vicepresidenta de la Comisin de Desarrollo Social de la ONU. Su misin Promover la democracia la igualdad de gnero y la tolerancia. Esto es en serio. No es una broma. https://t.co/UzQb5P25l1"  
[X Link](https://x.com/IAMERICAbooted/status/2021777469725192334)  2026-02-12T02:44Z [----] followers, [---] engagements


"EDRs in general are not good at catching scripting unless your policies are more aggressive than usual I was using wscript.exe and mshta.exe in [----] funny :P I was using wscript.exe and mshta.exe in [----] funny :P"  
[X Link](https://x.com/IAMERICAbooted/status/2021789480441851952)  2026-02-12T03:32Z [----] followers, [----] engagements


"Microsoft: blame the customer for a shitty design on their part. Also Microsoft: there's nothing you can do. Sorry. Also Microsoft: use this open source powershell module that requires sites.fullcontrol.all or sites.manage.all because you know we dont really care about SFI. You've got to be kidding me. I fucking hate Purview with a passion today"  
[X Link](https://x.com/IAMERICAbooted/status/2022465042826813758)  2026-02-14T00:16Z [----] followers, [----] engagements


"Microsoft: you should have updated your architecture. US: yh we'll get right on that. There's a [--] year line of technical debt. What happened to backward compatability"  
[X Link](https://x.com/IAMERICAbooted/status/2022467858484335092)  2026-02-14T00:28Z [----] followers, [---] engagements


"@MathematicaKen Not yet but its on my roadmap. Another team is handling that but I'm c9llaborating with them for the security surrounding AI"  
[X Link](https://x.com/IAMERICAbooted/status/2022476766682452132)  2026-02-14T01:03Z [----] followers, [--] engagements


"Claude: I feel like nobody is reading this warning and running Claude on root dir with access to everything Claude nuked my entire db and overwrote all my files how https://t.co/QepIU5uxHn I feel like nobody is reading this warning and running Claude on root dir with access to everything Claude nuked my entire db and overwrote all my files how https://t.co/QepIU5uxHn"  
[X Link](https://x.com/IAMERICAbooted/status/2022713981631123767)  2026-02-14T16:46Z [----] followers, [---] engagements


"Everyone in IT: Copilot is a doofus. Executives: use Copilot or else . 😜"  
[X Link](https://x.com/IAMERICAbooted/status/2022755184313602056)  2026-02-14T19:29Z [----] followers, [----] engagements


"Do you know what the best use of copilot is Dumping SharePoint 😆 😆 😆"  
[X Link](https://x.com/IAMERICAbooted/status/2022832910298947965)  2026-02-15T00:38Z [----] followers, [----] engagements


". We are living through a moment where a group of people do not just disagree they do not even acknowledge a shared fundamental reality. There is no common frame of reference no mutual set of facts from which discourse can even begin. They can watch the same video from multiple We are living through a moment where a group of people do not just disagree they do not even acknowledge a shared fundamental reality. There is no common frame of reference no mutual set of facts from which discourse can even begin. They can watch the same video from multiple"  
[X Link](https://x.com/IAMERICAbooted/status/2015581071006462030)  2026-01-26T00:22Z [----] followers, [----] engagements


"@zaab_it everyone is calling it that now lol palo zscaler entra suite -- all calling it ztna because that's what execs want. same solutions minimal upgrades rebranded. you know how it goes :P"  
[X Link](https://x.com/IAMERICAbooted/status/2022129757140517260)  2026-02-13T02:04Z [----] followers, [---] engagements


"This has always been the case 😆 😆 😆 Purview will help here. The Outlook workload for Copilot Enterprise works a bit different than all the others. Its a PITA ❗A code error allows Copilot Chat to expose confidential emails and files in its responses. Microslop is fixing the issue but if Microsoft [---] tenants don't configure the available features to restrict AI access there's still a risk of leaking sensitive information. https://t.co/LAaqDkzHk8 ❗A code error allows Copilot Chat to expose confidential emails and files in its responses. Microslop is fixing the issue but if Microsoft 365"  
[X Link](https://x.com/IAMERICAbooted/status/2022710349867225258)  2026-02-14T16:31Z [----] followers, [----] engagements


"@CisoDiagonal @UK_Daniel_Card It took me [--] months to get someone to do something that takes [--] minutes. The thing was a requirement for a security PoC. See the problem"  
[X Link](https://x.com/IAMERICAbooted/status/2022827890014871575)  2026-02-15T00:18Z [----] followers, [--] engagements


"CIS benchmarks are always my *starting point*. They are the basics of security. To use them well you have to understand the architecture as a whole compensating controls 3rd party solutions integrations etc. But this is where I always started. You have to read and understand them. That takes time and more than one read+implement. Some really talented people work on CIS benchmarks and they are free when you download them and dont use them in software/automations. If you have a technology that has a benchmarks I hope you know it inside and out.  🛠🛡 This CIS benchmark is a gold mine for"  
[X Link](https://x.com/IAMERICAbooted/status/2023021573330940118)  2026-02-15T13:08Z [----] followers, [----] engagements


"Why do I get my best work done when Im laying in bed messing around in my lab"  
[X Link](https://x.com/IAMERICAbooted/status/2016350811077374048)  2026-01-28T03:21Z [----] followers, [---] engagements


"You can manage browser extensions with Intune browser policies RBI solutions ZTNA/SASE solutions SSPMs and other places. Theres really not a good reason why malicious browser extensions should be an issue yet here we are :p"  
[X Link](https://x.com/anyuser/status/2022711909208752157)  2026-02-14T16:37Z [----] followers, 10.8K engagements


"Happy Tuesday friends If you already know everything you won't have space to learn anything new. The world is vast. Most "experts"/OGs realize how little they know and ask more questions. Thats how I know who to hang around with. I may be deaf but I hear people in different ways. :p"  
[X Link](https://x.com/IAMERICAbooted/status/2023710145843200043)  2026-02-17T10:44Z [----] followers, [---] engagements


"@timinbrum @minkeymagik Many. It wasn't heavily reported on until the past couple years"  
[X Link](https://x.com/IAMERICAbooted/status/2023728308421120452)  2026-02-17T11:56Z [----] followers, [--] engagements


"@UK_Daniel_Card I know folks with all of these 😆 They are fucking beasts"  
[X Link](https://x.com/IAMERICAbooted/status/2023749904334811379)  2026-02-17T13:22Z [----] followers, [---] engagements


"For your Global Admin and Privileged Role Admins if you want to implement an approval process for PIM below is a screenshot of the setting. I understand there is some controversy around this setting. As a previous offsec practitioner in Microsoft Cloud I recommend this coupled with the following mitigations: [--]. Managed Device Requirement [--]. Approved Named Location [--]. Authentication Context Your Global Admins should be having a conversation with another Global Admin when they need to elevate the role for approved work. Access reviews quarterly is not enough in my opinion. Checking on your PAWS"  
[X Link](https://x.com/IAMERICAbooted/status/1941619347346071748)  2025-07-05T22:05Z [----] followers, 13.1K engagements


"Engineer = Admin Analyst = Admin Architect = Draws pictures Incident Responder = Admin Executives = Admin 🫢 CEO = we won't talk about that Developers = Admin Hackers = (unwelcomed) Admin See We're all just admins except architects. They draw pictures and create documentation from GPTs that is 60% right"  
[X Link](https://x.com/IAMERICAbooted/status/1942171466482536695)  2025-07-07T10:38Z [----] followers, [----] engagements


"Yesterday I discovered Purview Insider Threat Management. So THIS is where all the stuff Ive been trying to do with DLP rules exists. WTF lol"  
[X Link](https://x.com/IAMERICAbooted/status/1944957176063111617)  2025-07-15T03:08Z [----] followers, [----] engagements


"Unskilled people hire more unskilled people. Many organizations struggle with this"  
[X Link](https://x.com/IAMERICAbooted/status/1949505684036321567)  2025-07-27T16:22Z [----] followers, [----] engagements


"Microsoft was told about a vulnerability in their own product that allows Purview advanced encryption configured a certain way to bypass all DLP all MTA security products and Defender for Office365 but nobody understood their own product so the ticket was eventually closed. But yh Mac Microsoft Threat Intelligence uncovered a macOS vulnerability tracked as CVE-2025-31199 that could allow attackers to steal private data of files normally protected by Transparency Consent and Control (TCC) such as caches used by Apple Intelligence. https://t.co/RItmoVgnHZ Microsoft Threat Intelligence uncovered"  
[X Link](https://x.com/IAMERICAbooted/status/1949874133849817530)  2025-07-28T16:46Z [----] followers, 36.7K engagements


"I had an amazing opportunity the past year to help a new organization build and secure a brand new infrastructure in the Defense Industrial Base. I provided a lot of solutions designed to scale access with no additional costs to the business all while focusing on solutions that held users experience in the highest regard. I solved a ton of problems. I'm a thousands times more skilled than I was before with first hand admin access in M365 Okta EDR EPM SIEM SSPM CSPM MTAs ITM and other solutions accross the fleet. I built them passwordless and I'm proud of it As a security professional I got"  
[X Link](https://x.com/IAMERICAbooted/status/1950321135339327849)  2025-07-29T22:22Z [----] followers, [----] engagements


"Good morning world Anyone need a global admin for M365 (every admin center: Entra Admin Intune Exchange Purview Security Teams SharePoint/OneDrive Apps Admin Center and Power Platform) with experience in IAM including federation design and implementation SSO app integrations hybrid or cloud-only solutions architecture security engineering and architecture threat modeling Active Directory purple teaming security assessments penetration testing build from greenfield EDR Proofpoint Okta SSPM SIEM compliance frameworks across verticals and many other technologies within the infrastructure I have"  
[X Link](https://x.com/IAMERICAbooted/status/1951261073585176758)  2025-08-01T12:37Z [----] followers, 10.2K engagements


"Microsoft's Zero Trust workshops are the best thing they've produced for customers ever in my open. I absolutely love everything about this project and it has helped me so much when consulting to cover as much as possible in a short time. After running 150+ Zero Trust workshops with Fortune [---] companies Microsoft's customer experience architects dropped some truth bombs on my podcast. "60% of what we find customers already know. 40% is something that surprises someone in the room." - Ramiro Calderon https://t.co/ccD59wYp0F After running 150+ Zero Trust workshops with Fortune [---] companies"  
[X Link](https://x.com/IAMERICAbooted/status/1951621252600189274)  2025-08-02T12:29Z [----] followers, [----] engagements


"If there's one piece of advice I can tell everyone that will always be true based on [--] years of workforce experience it's this: Don't ever work one minute longer than you are required to work. I guarantee you when the time comes for someone to remember all that they won't. It means absolutely nothing and you will just devalue yourself in the process by being paid less than when you signed up for"  
[X Link](https://x.com/IAMERICAbooted/status/1953218822363627865)  2025-08-06T22:17Z [----] followers, [----] engagements


"Attention all Admins Architects Directors CISOs whatever you are in Microsoft Cloud. Go do these two courses: CARTP and CARTE. These attacks are leveraged by LOW SKILLED groups. Yes LOW SKILLED groups. https://www.alteredsecurity.com/carte-bootcamp https://www.alteredsecurity.com/cartp-bootcamp https://www.alteredsecurity.com/carte-bootcamp https://www.alteredsecurity.com/cartp-bootcamp"  
[X Link](https://x.com/IAMERICAbooted/status/1953297012641747105)  2025-08-07T03:27Z [----] followers, [----] engagements


"6 places I check when I'm reviewing a company's external footprint and tech stack to get a basic understanding of the architecture: [--]. [--]. [--]. [--]. [--]. LinkedIn [--]. Careers Go check these things to see what others look at. It usually takes me less than [--] hour. http://crt.sh http://virustotal.com http://dnsdumpster.com http://aadinternals.com/osint http://crt.sh http://virustotal.com http://dnsdumpster.com http://aadinternals.com/osint"  
[X Link](https://x.com/IAMERICAbooted/status/1954628686914756814)  2025-08-10T19:39Z [----] followers, 25.4K engagements


"You CANNOT secure your Microsoft Cloud estate without adequate offsec expertise. Period. Anyone who tells you differently is selling you something incompetant or ladder climbing"  
[X Link](https://x.com/IAMERICAbooted/status/1954887929483935862)  2025-08-11T12:49Z [----] followers, [----] engagements


"Does anyone know if Contoso or Fabrikam are hiring"  
[X Link](https://x.com/IAMERICAbooted/status/1955846188747325616)  2025-08-14T04:17Z [----] followers, [----] engagements


"M365 [---] - It's less than [---] pages. When you start getting into Identity and Purview it will be another [-----] pages to read. I'm not joking. https://learn.microsoft.com/pdfurl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fentra%2Ffundamentals%2Ftoc.json https://learn.microsoft.com/pdfurl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fentra%2Ffundamentals%2Ftoc.json"  
[X Link](https://x.com/IAMERICAbooted/status/1955944955924426813)  2025-08-14T10:49Z [----] followers, [----] engagements


"This is what it takes to work in JUST Entra and Purview alone. LLMs cannot teach you this. Context matters. What is Entra [---] pages Entra Authentication: [----] pages Entra Application Management: [---] pages Entra RBAC: [---] pages Entra User Management: [---] pages Entra Conditional Access: [---] pages Entra Device Identity: [---] pages Entra Hybrid Identity: [----] pages Entra Application Provisioning: [---] pages Entra Application Proxy: [---] pages Entra Managed Identities for Azure Resources: [---] pages Application Integrations: [-----] pages - but a reference Entra Monitoring and Health: [---] Pages Entra"  
[X Link](https://x.com/IAMERICAbooted/status/1955953499260273024)  2025-08-14T11:23Z [----] followers, 15.4K engagements


"Someone said today they are going to get MDE+AV installed along side 3rd party EDR+AV. Go ahead summer child. Go ahead. Don't listen to the people who already did this [--] years ago and know what problems it caused. But sure have your fun thinking you know better"  
[X Link](https://x.com/IAMERICAbooted/status/1956067920175358099)  2025-08-14T18:58Z [----] followers, 23.8K engagements


"Low level windows knowledge has deteriorated. Only offsec people and EDR vendors know that stuff anymore"  
[X Link](https://x.com/IAMERICAbooted/status/1956083283306901771)  2025-08-14T19:59Z [----] followers, 13K engagements


"I see a lot of job posting for M365 DLP listing just Purview. DLP in M365 is not just Purview. It's also Intune and Entra ID. It depends on all [--] pillars of ZTA. Weaknesses in any pillar directly and indirectly affect the data plane. Also DLP depends on group configurations SharePoint site configurations Teams configurations OneDrive configurations etc. Doing tasks related to DLP requires a tenant-wide approach and is not limited to Purview solutions"  
[X Link](https://x.com/IAMERICAbooted/status/1959949985295868246)  2025-08-25T12:04Z [----] followers, [----] engagements


"Cloud security in a nutshell: goal is to decrease risk. In cloud it goes a bit like this: IAM - MFA all the things. If you can swing it with ops pilot passwordless. Users will love it I promise Make sure everyone can't just escalate privileges when they're not admins Make sure devices are managed. If their not MAM-WE is your friend Make sure data in transit and at rest is encrypted. If you're highly regulated and multi-GEO I'll pray for you because you have to consider data residency and traversal too. Validate logging is sufficient for the compliance frameworks and doesn't have creds in it."  
[X Link](https://x.com/IAMERICAbooted/status/1960136948967715150)  2025-08-26T00:27Z [----] followers, 17.8K engagements


"Guess what ya'll @merill and I are going to have a chat . on video 👀 👁 😵 🙈"  
[X Link](https://x.com/IAMERICAbooted/status/1961017426360902037)  2025-08-28T10:46Z [----] followers, 12K engagements


"If I had children here are a couple life lessons I would teach them: [--]. Don't go to college unless you can pay for it without a loan. It's not worth it. [--]. Never buy a brand new car [--]. Start putting money in a retirement fund regularly from your early 20s even if it's just $50 per week. [--]. Work is a contract. Work within the contract rules no more no less unless it's your own business. No company that you do not own has any loyalty to you. Things are not like they were [--] years ago. [--]. Buy real estate as investments. [--]. Never take out a loan that doesn't have some sort of bankruptcy"  
[X Link](https://x.com/IAMERICAbooted/status/1961773611515048204)  2025-08-30T12:50Z [----] followers, [----] engagements


"OAuth - Kerberos for the internet. Most offsec people exploit configurations with Kerberos on most engagements which allows them to move laterally and privilege escalate leading to domain compromises. Oauth is a delegation protocol used for authorization just like Kerberos is a delegation protocol in Hacktive DIrectory. I have said numerous times over the past couple years that you cannot do cloud security without understanding the attack surface of Oauth and other cloud protocols like SAML OIDC and WS-FED. You should be thinking of Oauth tokens like passwords that give you access to various"  
[X Link](https://x.com/IAMERICAbooted/status/1962862428141531445)  2025-09-02T12:57Z [----] followers, [----] engagements


"Working in security is like telling a toddler not to touch the hot stove"  
[X Link](https://x.com/IAMERICAbooted/status/1962916152650195339)  2025-09-02T16:30Z [----] followers, [----] engagements


"I've been using this for a year and it is the best thing that Microsoft has done for security imo Microsoft have released a great (free) Zero Trust Workshop that helps organizations with an actionable roadmap to achieving zero trust in their organization. https://t.co/dcqjcTcSXA https://t.co/08Gu0UVzjV 00:00 - Introduction 00:07 - Zero Trust [---] 00:22 - NIST zero trust Microsoft have released a great (free) Zero Trust Workshop that helps organizations with an actionable roadmap to achieving zero trust in their organization. https://t.co/dcqjcTcSXA https://t.co/08Gu0UVzjV 00:00 - Introduction"  
[X Link](https://x.com/IAMERICAbooted/status/1963317324892791237)  2025-09-03T19:05Z [----] followers, 10.2K engagements


"At the end of July I resigned from my role because I was burned out. I worked with an awesome team and they were not the reason. My resignation turned out to be a blessing in disguise because the organization restructured. After a lot of thought I wouldn't have been happy there because they have a culture of blaming security for everything when almost everything that was a problem had nothing to do with security. The problems were due to skills gaps and lack of troubleshooting skills. Today is my last day. Here are some things I've learned from this experience. [--]. I'm responsible for taking"  
[X Link](https://x.com/IAMERICAbooted/status/1963944548297822642)  2025-09-05T12:37Z [----] followers, 11.3K engagements


"Someone asked me the other day if I had a CISSP after demonstrating in depth practical skill in design and architecture implementation a resume with [--] years of business experience including jurisprudence exams for licensing in multiple states discussion of various compliance frameworks that govern organizations and the delicate balance of security and user experience. You will not learn how run an infrastructure in a book. Period. Asking someone like me if they have a CISSP is almost an insult. I teach people what the CISSP doesn't"  
[X Link](https://x.com/IAMERICAbooted/status/1964325233164190110)  2025-09-06T13:50Z [----] followers, [----] engagements


"Did I do a CISSP Nope. But here's some of the things I did do: Applied learning: SC-300 SC-400 SC-401 SC-100 AZ-500 MD-102 MS-102 PL-600 Fundamentals of AI Machine Learning and Azure AI services. More importantly I created solutions in IAM CIAM data security power platform mail security Advanced Encryption SharePoint and Teams security Privileged Access Management and governance M365 services security Azure security penetration testing where I took control of every org I touched except one design and execution of purple teams; PoC testing and implementation of controls security engineering"  
[X Link](https://x.com/IAMERICAbooted/status/1964371498002764098)  2025-09-06T16:53Z [----] followers, 18.1K engagements


"Everyone who works in Microsoft Cloud download this roadmap. Thank @merill and many others at Microsoft when you get a chance. This is the best work Microsoft has done for security in my humble opinion. I used to be in the "Zero Trust is just an idea" camp. Microsoft has worked very hard to create a step by step roadmap and includes links to documentation with implementation instructions depending on the vertical. It helps a lot if you have applied learning and hands on experience. I wouldn't say it's the best for newcomers but if it were me when I was new I would go straight to it and start"  
[X Link](https://x.com/IAMERICAbooted/status/1964564447915131160)  2025-09-07T05:40Z [----] followers, 34.8K engagements


"I'm so sad. I don't think Milton is coming home. 😢"  
[X Link](https://x.com/IAMERICAbooted/status/1964863499215217045)  2025-09-08T01:28Z [----] followers, [----] engagements


"He came back ❤ I'm so sad. I don't think Milton is coming home. 😢 I'm so sad. I don't think Milton is coming home. 😢"  
[X Link](https://x.com/IAMERICAbooted/status/1965000906552037741)  2025-09-08T10:34Z [----] followers, [----] engagements


"2 years ago: every vendor: We solve Zero Trust for you. Vendors now: Our proprietary AI "  
[X Link](https://x.com/IAMERICAbooted/status/1965559515719586074)  2025-09-09T23:34Z [----] followers, [----] engagements


"I've done a lot of interviews in my life. As a freelancer I have an interview with every company I do work for. Here is the best advice I can offer: Be yourself. Don't try to answer questions the way you think people want them answered. Have a conversation. This is the time you get to share stories about your experience and bond with people. Just as much as you may want a job they need a worker. It is a 2-way street and not every place will be the right fit at any given point in time. Also take inventory of the things you imagine being important to you based on your previous experience and"  
[X Link](https://x.com/IAMERICAbooted/status/1966270805391675686)  2025-09-11T22:41Z [----] followers, 10.5K engagements


"Is cybersecurity a dying field I dont think people care about breaches anymore"  
[X Link](https://x.com/IAMERICAbooted/status/1967010555194986505)  2025-09-13T23:40Z [----] followers, 29.7K engagements


"Let's play a game: How do you hold an M365 tenant hostage So the attacker got Global Admin. Let's play scorched earth. [--]. Lock out all the admins except yourself with CAPs. [--]. Change all the client secrets and certs+keys. [--]. Block everyone from using Exchange Sharepoint and Teams with CAPs. [--]. Enable customer lockbox [--]. Configure all the sensitivity labels with BYOK :p [--]. Unassign all Enterprise applications and revoke API permissions :p [--]. Disable any B2B trusts [--]. In all the admin centers remove all admin roles not in Entra. What else"  
[X Link](https://x.com/IAMERICAbooted/status/1967024072396513303)  2025-09-14T00:34Z [----] followers, 28.9K engagements


"You should never enable a block policy without Simulation mode tuning and phasing in. Otherwise this is a decent representation of how many orgs have started using Purview solutions. Keep in mind the points in this blog are very basic and simplified. Otherwise it's a nice checklist. I highly recommend using Microsoft's Zero Trust framework workbook for the data plane to get started. There is easily [--] year worth of work in there and it just scratches the surface of the data plane protection The Lightweight Guide to Mitigate Data Leakage https://t.co/OksFmQQTmh #MicrosoftPurview #Compliance"  
[X Link](https://x.com/IAMERICAbooted/status/1969199959280140531)  2025-09-20T00:40Z [----] followers, [----] engagements


"Holy Moly - they got Global Admin 🙈👀😵 It's going to be a wild year. Wait till they figure out the stuff they can do with Teams. AI has changed the game. RMAUs will be required new solutions will come to market and in person comms will make a come back next year. https://t.co/H1JaSTSYKs https://t.co/EJf8LNzgfg It's going to be a wild year. Wait till they figure out the stuff they can do with Teams. AI has changed the game. RMAUs will be required new solutions will come to market and in person comms will make a come back next year. https://t.co/H1JaSTSYKs https://t.co/EJf8LNzgfg"  
[X Link](https://x.com/IAMERICAbooted/status/1969311654102872261)  2025-09-20T08:04Z [----] followers, 14.2K engagements


"Whoever is selling IR retainers for specialized skills in M365 you should increase your retainer fees. It's about to get real"  
[X Link](https://x.com/IAMERICAbooted/status/1969312311992074646)  2025-09-20T08:06Z [----] followers, 11.6K engagements


"I don't want to hear about cybersecurity shortages when the world is getting owned by teenagers. While everyone's busy arguing about qualifications uncertified adversaries are compromising [---] orgs at a time. https://cyberscoop.com/dod-cyber-workforce-hiring-25-days-mark-gorak-fedtalks/ https://cyberscoop.com/dod-cyber-workforce-hiring-25-days-mark-gorak-fedtalks/"  
[X Link](https://x.com/IAMERICAbooted/status/1970453011202736372)  2025-09-23T11:39Z [----] followers, [----] engagements


"Red Teamers: super crafty and highly skilled methods to evade "detections" on the commandline Real threat actors: ipconfig /all netstat -ano tasklist /svc systeminfo Red Teamers: fancy evasion of the MTAs Screen NextGen firewalls EDR and AV Real threat actors: send a Teams meeting :p"  
[X Link](https://x.com/IAMERICAbooted/status/1970458435192832487)  2025-09-23T12:01Z [----] followers, 18.7K engagements


"Here's a quick companion blog post I threw together if anyone is interested. These are not perfect solutions but there's some mitigations you can consider in this blog post to common M365 initial access vectors we discussed in Entra Chat: https://ericazelic.medium.com/common-initial-access-vectors-via-phishing-in-the-microsoft-cloud-world-68eedb98f52d 📖 From Dispensing Pills to Dismantling Cyber Threats: One Woman's Epic Pivot In [----] @IAMERICAbooted was ordering drugs with shared passwordsfast-forward to [----] and she's pen-testing Azure tenants like a boss. This week on"  
[X Link](https://x.com/IAMERICAbooted/status/1970530172018335857)  2025-09-23T16:46Z [----] followers, 23.8K engagements


"This article is really good https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944 https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944"  
[X Link](https://x.com/IAMERICAbooted/status/1970897713551298564)  2025-09-24T17:06Z [----] followers, [----] engagements


"Today I turned down a fractional CISO gig. I don't want to write policy and procedure implement a compliance framework and deal with what CISOs have to deal with. Their job is no fun"  
[X Link](https://x.com/anyuser/status/1971001177665044871)  2025-09-24T23:57Z [----] followers, [----] engagements


"I hope Microsoft gave @_dirkjan at least a few million for that bug. It was insanely valuable and he reported it"  
[X Link](https://x.com/IAMERICAbooted/status/1971600502732513648)  2025-09-26T15:39Z [----] followers, 16.3K engagements


"Hey everyone I updated the Teams attack section to add some clarifying points. Let me know if something doesn't make sense or if you think it's wrong. I also tried to get rid of @nikhil_mitt 's diagram in the thumbnail but it's cached or something 😂 https://ericazelic.medium.com/common-initial-access-vectors-via-phishing-in-the-microsoft-cloud-world-68eedb98f52d https://ericazelic.medium.com/common-initial-access-vectors-via-phishing-in-the-microsoft-cloud-world-68eedb98f52d"  
[X Link](https://x.com/IAMERICAbooted/status/1971704489515405499)  2025-09-26T22:32Z [----] followers, 11.2K engagements


"I'm starting a new job in [--] days as a senior engineer. Don't ask me where because I'm not telling any of you hackers 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1971948279001944237)  2025-09-27T14:41Z [----] followers, [----] engagements


". until people's identities start getting deleted. Those of us who work in cybersecurity know these systems will be high value targets. We also know how terrible organizations are at securing high value targets. A decentralized approach gives you layers of defenses from losing your identity. Nobody cared about their identity until it was compromised and they had to deal with the aftermath. I'm genuinely BAFFLED as to the uproar over digital ID. .one system will not present any more issues than many databases access to many services easier - having had to supply copies of birth certificates"  
[X Link](https://x.com/IAMERICAbooted/status/1972291930961711362)  2025-09-28T13:26Z [----] followers, [----] engagements


"Anyone interested in a blog post about how to configure Defender for Office Plan 2"  
[X Link](https://x.com/IAMERICAbooted/status/1973599216028229977)  2025-10-02T04:01Z [----] followers, [----] engagements


"You must build it While you are building it you can do the following courses: From Microsoft: SC-300 SC-200 SC-100 SC-401 MD-102 MS-102 AZ-500 From Altered Security: CARTP and CARTE From Pwned Labs: Microsoft Cloud courses and labs For AD- include ADCS and on-prem Exchange and then make it hybrid with MS Cloud. Most F100s still use ADFS with tertiary IdPs too so keep that in mind. While Microsofts Zero Trust Workshop with workbook is not beginner make it your best friend now. It allows you to see the forest from an airplane instead of the individual trees from the ground. Having a basic"  
[X Link](https://x.com/IAMERICAbooted/status/1975514033198432736)  2025-10-07T10:50Z [----] followers, 29.6K engagements


"Someone once told me: we use a PAM solution - the admin's password is changed every time they elevate. Me: I became that admin when they logged in to a server I controlled after compromising the primary site server for SCCM. The admin was DBO for all the databases in the org. Your PAM solution did nothing to stop it. Them: 🤔 How do we fix it Me: mark them sensitive and cannot be delegated and put them in the Protected Users group. Then check your Cyberark bill for giggles"  
[X Link](https://x.com/IAMERICAbooted/status/1976859873523491219)  2025-10-11T03:58Z [----] followers, 23.5K engagements


"95% politics and figuring out who owns what where and how to get them to resolve the requirements you need. 5% technical stuff. Hey @SwiftOnSecurity check out what FB memories popped up for me today https://t.co/naxqoeNOyh Hey @SwiftOnSecurity check out what FB memories popped up for me today https://t.co/naxqoeNOyh"  
[X Link](https://x.com/IAMERICAbooted/status/1977039041507082589)  2025-10-11T15:50Z [----] followers, [----] engagements


"If you're trying to onboard Defender for Cloud Apps and you are having trouble creating file policies check Entra for this first party app. If it's not there you implementation has a configuration error. See below for details"  
[X Link](https://x.com/IAMERICAbooted/status/1977051179898073167)  2025-10-11T16:38Z [----] followers, [----] engagements


"If you want to always have a job in IT read the documentation. Every day. Make it a lifelong habit. It's astonishing to me how many people dont. Even people at Microsoft. I have hands on experience with a lot of vendor products now and the first thing I do is read the documentation. Some vendor documentation is terrible. Other vendor documentation expands far beyond technical capabilities. I read at least [--] (sometimes much more) hours a day. Microsoft has more than [--] lifetimes of documentation. You will never be able to read it all. Between Windows Active Directory techncial specifications"  
[X Link](https://x.com/anyuser/status/1977381641128444208)  2025-10-12T14:31Z [----] followers, 24.6K engagements


"Dear M365 admins: ALL OF YOU Are you using Power Platform If you can't answer that KEEP READING. There are still things you need to do. Here are some absolute basics that most organizations miss. You license comes with Power Apps and Power Automate functionality and a default environment for every user. If you have standard licensing applied across all users without granular controls you need to ensure AUDITING IS ENABLED in Power Platform admin center. If you have an incident where data is stolen from your SharePoint and Teams and Exchange you will not have complete visibility to find out"  
[X Link](https://x.com/IAMERICAbooted/status/1977417699207602188)  2025-10-12T16:54Z [----] followers, 22.7K engagements


"For those of you implementing Information Protection if you plan to use access controls with your Sensitivity Labels you will have problems with user experience AND functionality if you do not convert classic sites in SharePoint to group sites. Additionally ensure you are creating groups from the correct admin center or else they will default to Public Groups and you will have data exposure issues. Remediate this first before applying access controls to Sensitivity Labels. In the AI world you NEED access controls for certain regulated highly restricted data configured in some Sensitivity"  
[X Link](https://x.com/IAMERICAbooted/status/1977424157122961571)  2025-10-12T17:20Z [----] followers, [----] engagements


"Personal Opinion: If you're looking for people to help you with Purview and AI in M365 you will ideally want someone with Global Admin experience with: Entra: Apps Conditional Access Groups Devices Administrative Units SharePoint/OneDrive Teams Exchange Power Platform Intune Apps Admin Center Oauth SAML OIDC WS-FED Security Center Otherwise you will struggle with gaining maturity over the data plane. Everything above is required to do Purview"  
[X Link](https://x.com/IAMERICAbooted/status/1977454808576749585)  2025-10-12T19:22Z [----] followers, [----] engagements


"Big orgs crack me up. Consultants: we need the equivalent of what's effectively Global Admin to perform our scope of work. Big org: OK. Done Internal employees: I need X role and temporary Global Reader so I can plan and implement approved work. Big org: I don't think we can do that. 😆 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1977463576777376140)  2025-10-12T19:57Z [----] followers, 11.1K engagements


"Hello World I dont work for Microsoft but please just get E5 and save yourself so much frustration with licensing and integration madness that causes downstream problems. If your an engineer you know what Im talking about. Yes I know it's expensive. It's because you're paying for: IdP Productivity and Collaboration tools Mail with security CASB CNAPP CSPM SSPM DLP EDR and AV SIEM (extra) Device management Application control Attack surface reduction Advanced configuration management Patching solution MDM with Security Compliance tools Legal Tools Bookkeeping tools Project Management Tools"  
[X Link](https://x.com/IAMERICAbooted/status/1979131509299659184)  2025-10-17T10:24Z [----] followers, 20.1K engagements


"One thing I love about Defender for Cloud Apps is it's ability to pivot directly from the Activity Logs to Advanced Hunting with the KQL already populated for you to search across the fleet. Another thing I love about Defender for Cloud Apps is the ability to autoremediate with Power Automate ability to pivot into policy creation directly from telemetry and so much more. Its come a LONG way in the past [--] years in terms of functionality"  
[X Link](https://x.com/IAMERICAbooted/status/1979336951175282705)  2025-10-18T00:01Z [----] followers, [----] engagements


"Me: I found something that could potentially be a privilege escalation. Can I try to PoC it Boss: No red team stuff. Give it to the red team. Me:"  
[X Link](https://x.com/IAMERICAbooted/status/1979940624318022076)  2025-10-19T16:00Z [----] followers, [----] engagements


"Got blocked from installing PowerShell [--] via the .msi I need pwsh7 to use a tool I need for a high priority objective. I try to do it the right way: open tickets request access wait two weeks still no progress. Went around it by downloading it from zip and altering local environment variables. Why am I telling this story Your security controls are supposed to block attackers not employees from doing their jobs. Most of the time your "controls" dont work like you think they do anyway"  
[X Link](https://x.com/IAMERICAbooted/status/1981345806998294941)  2025-10-23T13:03Z [----] followers, [----] engagements


"Let's talk about app consents in Entra again for a moment. When you allow users to consent to delegated API permissions for things like the users' email keep in mind that the application which exists somewhere else now has company email content in their cloud most likely. What if it's your legal team and their email contains privileged information What if it your executives with highly confidential proprietary information The SaaS app could now have all that data. What if it's healthcare professionals and there's PHI in their email regularly What if you work for a global bank or a defense"  
[X Link](https://x.com/IAMERICAbooted/status/1981772167898452081)  2025-10-24T17:17Z [----] followers, 13.5K engagements


"Holy Moly Dirk-jan has been busy the past two years lol https://github.com/dirkjanm/ROADtools/wiki/ROADtools-Token-eXchange-(roadtx) https://github.com/dirkjanm/ROADtools/wiki/ROADtools-Token-eXchange-(roadtx)"  
[X Link](https://x.com/IAMERICAbooted/status/1982229686513020985)  2025-10-25T23:35Z [----] followers, 11.9K engagements


"The OAuth flow being targeted in recent attacks - authorization code flow. Its amazing the attacks you can craft by reading the documentation 😋 https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow"  
[X Link](https://x.com/IAMERICAbooted/status/1982445376343851054)  2025-10-26T13:53Z [----] followers, 21.5K engagements


"Guess what y'all I learned everything I know about M365 in front of all of you. I started [--] years ago. I can't believe how far I've come and how far I still have to go Four years of Hacktive Directory shenanigans prior to that really helped a lot too. I will say that offsec consulting and building infrastructure were probably the biggest reasons I've learned so fast outside of all the amazing mentorship I've received here. Thank you all who have helped me develop my skills over the years. ❤"  
[X Link](https://x.com/IAMERICAbooted/status/1982463665388376269)  2025-10-26T15:05Z [----] followers, [----] engagements


"Do you know why Purview is the hardest admin center in M365 Because it requires you to have knowledge and skills in ALL of M365 and how it works. ALL of it"  
[X Link](https://x.com/IAMERICAbooted/status/1983150664399413686)  2025-10-28T12:35Z [----] followers, [----] engagements


"For you nerds like me that read the docs https://learn.microsoft.com/en-us/microsoft-365/enterprise/network-intermediationview=o365-worldwide&utm_source=chatgpt.com https://learn.microsoft.com/en-us/microsoft-365/enterprise/network-intermediationview=o365-worldwide&utm_source=chatgpt.com"  
[X Link](https://x.com/IAMERICAbooted/status/1983341263987585307)  2025-10-29T01:13Z [----] followers, 30.5K engagements


"As a consultant if you talk about things you dont know you will not be successful. Therefore nothing goes in my reports without PoC or direct references without extrapolation. In debrief if I'm asked a question and I dont know I write down the question and find an answer and send it in email. You learn really fast to not discuss things you dont know. It doesn't devalue your efforts either in fact it's quite the opposite. It builds trust with clients because they know you are giving your 100% to be accurate and know your own limitations. Everyone has knowledge gaps. Everyone. Especially me."  
[X Link](https://x.com/IAMERICAbooted/status/1983499300366614728)  2025-10-29T11:40Z [----] followers, [----] engagements


"Who wants a free tutorial on how to set up encrypted labels to block from AI and still be able to share externally or define your own permissions I've been doing this for a while now and I promise you it is not hard"  
[X Link](https://x.com/IAMERICAbooted/status/1984035695099572441)  2025-10-30T23:12Z [----] followers, [----] engagements


"I struggle with wanting to post content and then worrying about someone complaining because they think it's about my current workplace when it's stuff I've seen consulting even though I dont tell anyone where I work not even on my LinkedIn 🙄 😒 Look I've worked with [--] orgs now. I see the same shit everywhere in varying configurations"  
[X Link](https://x.com/IAMERICAbooted/status/1984615477843309027)  2025-11-01T13:36Z [----] followers, 23.1K engagements


"MFA is no longer the golden control. Even phishing resistant MFA can be downgraded in most tenants for AITM and I expect to see this a lot more in [----] and beyond. Security solutions are often not configured to have high precision in preventing AITM. Moreover browser-in-the-browser masks what we've taught users in regard to viewing the links and delivery with encryption delays and via CDNs that are trusted domains in many orgs will be out-of-the-box in open-source phsihing kits. These attacks are not new. They've been around for a couple years now. They are becoming more popular. Thats why"  
[X Link](https://x.com/IAMERICAbooted/status/1986790931262017608)  2025-11-07T13:40Z [----] followers, 31.2K engagements


"The same recommendations that have been in my reports for years. Maybe people will listen to the Premier Incident Responders. ☺ One compromised Microsoft Entra ID or Azure account can lead to a full tenant takeover. Our new framework ranks roles by risk and adds strong MFA + secure admin workstations to protect the most critical accounts. Read the whitepaper: https://t.co/9NMapg6mVj https://t.co/6ElF1HY5Rh One compromised Microsoft Entra ID or Azure account can lead to a full tenant takeover. Our new framework ranks roles by risk and adds strong MFA + secure admin workstations to protect the"  
[X Link](https://x.com/IAMERICAbooted/status/1986950860878831710)  2025-11-08T00:16Z [----] followers, [----] engagements


"Anyone interested in M365 imo the best 2000+ pages you will ever read: Cheers 🍻 https://learn.microsoft.com/en-us/entra/identity-platform/v2-overview https://learn.microsoft.com/en-us/entra/identity-platform/v2-overview"  
[X Link](https://x.com/IAMERICAbooted/status/1987157211471032357)  2025-11-08T13:56Z [----] followers, 17.7K engagements


"IAM = Identity AND ACCESS management. When you use a CASB you are delegating ACCESS management to the CASB. What is a CASB - Sanctioning (determining ACCESS to apps) - ACCESS management (a component of IAM) - Session management (Data in Motion DLP) - Labeling data and determining ACCESS - UEBA (threat policies) - Governance (monitoring and actioning API and app deprecation and determining risk) - SSPM (SaaS Posture Management) When you have a CASB AND you are using it you have delegated ACCESS management (of IAM) to the CASB. How is this achieved Oauth"  
[X Link](https://x.com/IAMERICAbooted/status/1987177280062296164)  2025-11-08T15:15Z [----] followers, 14.1K engagements


"For anyone that's wants to learn more about Defender for Cloud Apps without reading almost [----] pages of documentation like I did the DFA Ninja training is good even though the UI is different now and some things have been updated. https://techcommunity.microsoft.com/blog/microsoft-security-blog/microsoft-defender-for-cloud-apps-ninja-training--june-2022/2751518 IAM = Identity AND ACCESS management. When you use a CASB you are delegating ACCESS management to the CASB. What is a CASB - Sanctioning (determining ACCESS to apps) - ACCESS management (a component of IAM) - Session management (Data"  
[X Link](https://x.com/IAMERICAbooted/status/1987239024914776513)  2025-11-08T19:21Z [----] followers, [----] engagements


"I don't think a lot of people realize that their whole security role exists because of compliance frameworks that govern the org. From a business perspective most organizations are looking to be compliant. Security is a subset of Compliance and IT and has a history (and reasonably so) for causing productivity and user experience impacts. This is why orgs look to achieve what is required from compliance. However to understand and ensure the compliance requirements are met takes security teams. If we leave everything up to ops there would no controls 😋 If we leave everything up to security"  
[X Link](https://x.com/IAMERICAbooted/status/1987508100803219643)  2025-11-09T13:10Z [----] followers, [----] engagements


"One thing that was hard for me to get used to in leadership positions is delegation. If you find yourself overwhelmed and staying late or working harder than everyone else here's what needs to happen: Delegate and accept that people are not going to give you exactly what you want. Everyone does things different and has different perspective. The goal is to take items off your plate. If your overloaded unequally to your team that's a YOU problem. Delegate and let people handle it and accept in the forefront that they will handle it different than you. The goal is to not sink the ship not"  
[X Link](https://x.com/IAMERICAbooted/status/1997486022196703342)  2025-12-07T01:59Z [----] followers, [----] engagements


"Is anyone else feeling afraid to exercise free speech without fear of persecution Or is that just me"  
[X Link](https://x.com/IAMERICAbooted/status/2015504211413217391)  2026-01-25T19:17Z [----] followers, [---] engagements


"Who wants to test this in prod for me 😋 Evaluates M365 privileged access in orgs using PIM. https://github.com/notEricaZelic/M365AdminAccessReviewer https://github.com/notEricaZelic/M365AdminAccessReviewer"  
[X Link](https://x.com/IAMERICAbooted/status/1923769018835403104)  2025-05-17T15:54Z [----] followers, 15.3K engagements


"Happy Tuesday friends. Here is some free defense advice. Feel free to add and I will add your name to the changelog and what suggestion you made: https://ericazelic.medium.com/common-initial-access-vectors-via-phishing-in-the-microsoft-cloud-world-68eedb98f52d https://ericazelic.medium.com/common-initial-access-vectors-via-phishing-in-the-microsoft-cloud-world-68eedb98f52d"  
[X Link](https://x.com/IAMERICAbooted/status/1970530445365293281)  2025-09-23T16:47Z [----] followers, 14K engagements


"Remember folks the goal is to block attackers not users from doing their jobs"  
[X Link](https://x.com/IAMERICAbooted/status/1979218301893869918)  2025-10-17T16:09Z [----] followers, 14.4K engagements


"Do yourself a favor: go into SharePoint Admin Center classic settings and disable ability to create subsites. You'll thank me later"  
[X Link](https://x.com/IAMERICAbooted/status/1984669505960706159)  2025-11-01T17:10Z [----] followers, [----] engagements


"If you have valid user creds and you know the victim uses Confluence and SSO but M365 requires MFA you can use those credentials to see if you can trigger an SP-Initiated SAML authentication to retrieve an SSO token. It's more complex but did this on a red team once. Device Code Auth is certainly a phish I could see myself falling for as it blends in with a regular meeting invite and doesn't require entering my password. If you don't know what a Device Code Phish is check out this video @odiesec and I did. https://t.co/neOngnMGpm Device Code Auth is certainly a phish I could see myself"  
[X Link](https://x.com/IAMERICAbooted/status/1911119527552630938)  2025-04-12T18:09Z [----] followers, 12K engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing