# ![@IAMERICAbooted Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1900149365475364864.png) @IAMERICAbooted notEricaZelic

notEricaZelic posts on X about microsoft, if you, azure, ai the most. They currently have [------] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

### Engagements: [-----] [#](/creator/twitter::1900149365475364864/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:interactions.svg)

- [--] Week [------] +50%
- [--] Month [-------] +10,651%
- [--] Months [---------] +142%

### Mentions: [--] [#](/creator/twitter::1900149365475364864/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:posts_active.svg)

- [--] Week [--] -27%
- [--] Month [---] +1,388%
- [--] Months [---] +94%

### Followers: [------] [#](/creator/twitter::1900149365475364864/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:followers.svg)

- [--] Week [-----] +1.90%
- [--] Month [-----] +1.70%
- [--] Months [-----] +76%

### CreatorRank: [-------] [#](/creator/twitter::1900149365475364864/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1900149365475364864/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [stocks](/list/stocks)  [finance](/list/finance)  [countries](/list/countries)  [social networks](/list/social-networks)  [celebrities](/list/celebrities)  [nba](/list/nba)  [travel destinations](/list/travel-destinations)  [fashion brands](/list/fashion-brands)  [luxury brands](/list/luxury-brands) 

**Social topic influence**
[microsoft](/topic/microsoft) #1412, [if you](/topic/if-you), [azure](/topic/azure), [ai](/topic/ai), [okta](/topic/okta), [cloud](/topic/cloud), [entra](/topic/entra), [this is](/topic/this-is), [crowdstrike](/topic/crowdstrike), [zero trust](/topic/zero-trust)

**Top accounts mentioned or mentioned by**
[@nathanmcnulty](/creator/undefined) [@merill](/creator/undefined) [@ukdanielcard](/creator/undefined) [@jgmac1106](/creator/undefined) [@grok](/creator/undefined) [@mathematicaken](/creator/undefined) [@cjk365](/creator/undefined) [@uk_daniel_card](/creator/undefined) [@arpeyton](/creator/undefined) [@dirkjan](/creator/undefined) [@dylanowendylan](/creator/undefined) [@aiheretic](/creator/undefined) [@dasgrog](/creator/undefined) [@zaabit](/creator/undefined) [@decryptedtech](/creator/undefined) [@itguysocal](/creator/undefined) [@ericprice918](/creator/undefined) [@techspence](/creator/undefined) [@cybersecaj](/creator/undefined) [@fardarter](/creator/undefined)

**Top assets mentioned**
[Microsoft Corp. (MSFT)](/topic/microsoft) [Crowdstrike Holdings Inc (CRWD)](/topic/crowdstrike) [Zscaler Inc (ZS)](/topic/$zs) [Alphabet Inc Class A (GOOGL)](/topic/$googl)
### Top Social Posts
Top posts by engagements in the last [--] hours

"@BleedinBlue89 And I don't mean that in a bad way. it's just that a lot of what we have to do for compliance doesn't really offer big impact security benefits. All I care about is the most common initial access vectors and data theft. Compliance is a whole different world of requirements"  
[X Link](https://x.com/IAMERICAbooted/status/1908284595373555872)  2025-04-04T22:24Z [---] followers, [--] engagements


"What blog post would you be interested in most [--]. That M365 Role and the Terrible Things You Can Do With IT [--]. Modern Phishing Attacks for M365 Initial Acces [--]. How to Ransome an M365 Tenant"  
[X Link](https://x.com/IAMERICAbooted/status/1908471139287937315)  2025-04-05T10:45Z [---] followers, [----] engagements


"@SamErde Confluence -- SharePoint Bitbucket -- Github Jira -- Planner MS owns or created the tools above. Why not use them"  
[X Link](https://x.com/IAMERICAbooted/status/1908516981398994954)  2025-04-05T13:48Z [---] followers, [--] engagements


"@m0bilej0n @wpninjasus I already have my tenant mitigated for it. But I know the mitigation I used is not well known or popular yet"  
[X Link](https://x.com/IAMERICAbooted/status/1908654968933908646)  2025-04-05T22:56Z [---] followers, [--] engagements


"@HRwane @MathematicaKen I set business premium tenants with Azure pay-as-you-go. It's usually about 300$. I also have an E5 tenant with a friend for when I need to test things and see E5 features but that was pricey"  
[X Link](https://x.com/IAMERICAbooted/status/1909729457134248223)  2025-04-08T22:05Z [---] followers, [--] engagements


"@HRwane @MathematicaKen I recommend getting a Business premium license with [--] users month to month with Azure pay-as-you-go. With Azure your first subscription will come with some free time. You can see it in the metter from -- entra http://portal.azure.com http://portal.azure.com"  
[X Link](https://x.com/IAMERICAbooted/status/1909729917689803048)  2025-04-08T22:07Z [---] followers, [--] engagements


"My answer is the least popular right now. Surprise :P What's the number one challenge you see defending an organisation from cyber security perspective please comment (and if other please comment) What's the number one challenge you see defending an organisation from cyber security perspective please comment (and if other please comment)"  
[X Link](https://x.com/IAMERICAbooted/status/1910288085314601274)  2025-04-10T11:05Z [---] followers, [---] engagements


"Hey Microsoft we have enough talent in breaking our own tenants we don't need your help breaking things too. 😜"  
[X Link](https://x.com/IAMERICAbooted/status/1910398049589071933)  2025-04-10T18:22Z [---] followers, [---] engagements


"I need a new office chair. I need to clean the office. I need to do laundry. I need get offline 😂"  
[X Link](https://x.com/IAMERICAbooted/status/1911419462479233354)  2025-04-13T14:01Z [---] followers, [---] engagements


"Does anyone know about the associated costs if any The amount of log ingestion for some orgs is real and has a cost. Most Microsoft tenants do not have Advanced Auditing configured correctly and orgs only find out after it is too late :( I tried really hard to make this as short and simple as possible. Please be nice to your IR folks and set this up it's important ;) https://t.co/NKtQGQJH1O Most Microsoft tenants do not have Advanced Auditing configured correctly and orgs only find out after it is too late :( I tried really hard to make this as short and simple as possible. Please be nice to"  
[X Link](https://x.com/IAMERICAbooted/status/1912462927153479819)  2025-04-16T11:07Z [---] followers, [----] engagements


"@arpeyton @NathanMcNulty @WellKnitTech Yep Ask us how many times we responded to incidents with no UALs and no SIEM xD. @SecurityAura Or how many times you respond to incidents with Crowdstrike deployed with default profiles in audit mode and nobody working the detections"  
[X Link](https://x.com/IAMERICAbooted/status/1912694728367263994)  2025-04-17T02:28Z [---] followers, [---] engagements


"I never get bored of observing when admins learn that you can access all admin portals as a non-privileged role you can get all this information from the APIs even when there is a CAP in place and anonymous users allows unauthenticated users to enumerate directory members 😄"  
[X Link](https://x.com/anyuser/status/1913011897277833475)  2025-04-17T23:29Z [----] followers, [----] engagements


"People used to fuss about directory.readwrite.all Have they met tenant.readwrite.all ;p"  
[X Link](https://x.com/IAMERICAbooted/status/1915544928358224247)  2025-04-24T23:14Z [---] followers, [----] engagements


"Breaking News: Fast food restaurants all over America have been found to be engaging in a massive fraud scheme: They have been selling ice and telling people it's soda. 🌰 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1915695861239083142)  2025-04-25T09:14Z [---] followers, [---] engagements


"Today I learned that DIB has its own Zero Trust Arcitecture feom Microsoft. Womp womp"  
[X Link](https://x.com/IAMERICAbooted/status/1916627793628057980)  2025-04-27T22:57Z [---] followers, [---] engagements


"When orgs discover Planner but the use Jira"  
[X Link](https://x.com/IAMERICAbooted/status/1917962339992690739)  2025-05-01T15:20Z [---] followers, [----] engagements


"Ok I lied. No longer a fan of KQL or chatgpt. Chatgpt is almost worse than me at writing scripts and queries"  
[X Link](https://x.com/IAMERICAbooted/status/1918037400032334193)  2025-05-01T20:18Z [---] followers, [----] engagements


"@ZanussiZaandam @dasgrog already set up. I can easily add members to my groups make them private apply encrypted sensitivity labels assign tasks everything is already audited and logged in the UAL. It's already linked to SharePoint. I don't have to create all the integrations like I do in Jira"  
[X Link](https://x.com/IAMERICAbooted/status/1918266522415272398)  2025-05-02T11:29Z [---] followers, [--] engagements


"@ZanussiZaandam @dasgrog Confluence Snaplogic Bitbucket etc. It's already integrated with Power Automate and Power Apps for easy customizations. I can easily make Dashboards in PowerBI. Everything I possibly need that I have to develop with Atla$$Ian products is already builtin. The problem is"  
[X Link](https://x.com/IAMERICAbooted/status/1918266970509541621)  2025-05-02T11:31Z [---] followers, [--] engagements


"@ZanussiZaandam @dasgrog Most people don't know M365 well enough to appreciate the beauty and value of the design. People are stuck in their money sucking ways"  
[X Link](https://x.com/IAMERICAbooted/status/1918267163757920717)  2025-05-02T11:31Z [---] followers, [--] engagements


"@ZanussiZaandam @dasgrog Jira+Confluence+Bitbucket+Snaplogic is a waste of money imo. The cools kids are no longer cool"  
[X Link](https://x.com/IAMERICAbooted/status/1918267887132762369)  2025-05-02T11:34Z [---] followers, [--] engagements


"Stealing the tokens from the endpoint on a device that probably has Crowdstrike or MDE on it is much harder than being elevated all the time. PIM sends notifications to other admins that you are elevated. You can also require another admin to approve with a ticket # I love occasionally highlighting this "issue" with PIM because too many believe it is providing protection that it is not When we activate PIM all existing tokens are also elevated which could include stolen tokens. A great starting thread: https://t.co/woY6r5f5JN I love occasionally highlighting this "issue" with PIM because too"  
[X Link](https://x.com/IAMERICAbooted/status/1919950801474060463)  2025-05-07T03:01Z [---] followers, [----] engagements


"Registration Campaign is awesome. You can set it with a snooze of [--] days to force everyone to register Microsoft Authenticator upon their first login. All users have to do is download the app. It's a simple process Earlier today I joined Dom on The Game @ Pax8 to talk about the features in Entra ID P2 as well as a quick update on the upcoming Maester release. Check it out at 👇 https://t.co/r769kTnfTr Earlier today I joined Dom on The Game @ Pax8 to talk about the features in Entra ID P2 as well as a quick update on the upcoming Maester release. Check it out at 👇 https://t.co/r769kTnfTr"  
[X Link](https://x.com/IAMERICAbooted/status/1920314824195440762)  2025-05-08T03:08Z [---] followers, [----] engagements


"@shellgio_ You can by disabling the authentication methods in the deprecated per-use MFA settings and limiting authentication methods in Entra to certain groups. Your admin accounts should be cloud-only and Emergency Access accounts should use FIDO2 hardware keys"  
[X Link](https://x.com/IAMERICAbooted/status/1920440516610523224)  2025-05-08T11:27Z [---] followers, [--] engagements


"There are plenty of admins who can't comprehend security engineers who never program and no shortage of managers who think they know what they're doing but don't.😋 I once hired a security engineer that didnt know how to code thinking theyll learn but they never did I once hired a security engineer that didnt know how to code thinking theyll learn but they never did"  
[X Link](https://x.com/IAMERICAbooted/status/1920920461552021788)  2025-05-09T19:15Z [---] followers, [----] engagements


"I might consider going to Black Hat now. :D I'll be returning to #BHUSA @BlackHatEvents this summer for a brand talk about moving laterally from AD to Entra ID. I don't think I've ever been this excited about a talk with lots of cool stuff to share 🎢 😄. https://t.co/NuUU51JEmZ I'll be returning to #BHUSA @BlackHatEvents this summer for a brand talk about moving laterally from AD to Entra ID. I don't think I've ever been this excited about a talk with lots of cool stuff to share 🎢 😄. https://t.co/NuUU51JEmZ"  
[X Link](https://x.com/IAMERICAbooted/status/1923739562876027140)  2025-05-17T13:57Z [---] followers, [---] engagements


"@BackSapper If you have the setting to enable local admin on joined devices local admins can elevate to system and get the credentials for the GA. Nathan explained to me that Intune Admins have been asking for this feature. to be able to turn it off if you don't use autopilot"  
[X Link](https://x.com/IAMERICAbooted/status/1924186722654417288)  2025-05-18T19:33Z [---] followers, [---] engagements


"I have courtside seats to the Lakers game one row behind Jack Nicholson. Just kidding it Microsoft architecture updates call. Same thing kinda. 😜"  
[X Link](https://x.com/IAMERICAbooted/status/1925351228793389401)  2025-05-22T00:41Z [---] followers, [---] engagements


"Since most of you never had courtside seats one row behind Jack Nicholson at a Lakers game I suppose you don't know how exciting that is and cant relate :p"  
[X Link](https://x.com/IAMERICAbooted/status/1925353725800894812)  2025-05-22T00:51Z [---] followers, [---] engagements


"https://www.youtube.com/watchv=WVNvoiA_ktw https://www.youtube.com/watchv=WVNvoiA_ktw"  
[X Link](https://x.com/IAMERICAbooted/status/1925749845551177750)  2025-05-23T03:05Z [---] followers, [----] engagements


"@MathematicaKen @mfsquiiid Omg vendors. . grrrrrrr"  
[X Link](https://x.com/IAMERICAbooted/status/1926056174039757262)  2025-05-23T23:22Z [---] followers, [---] engagements


"@MathematicaKen @mfsquiiid One thing you can do is download okta free version and integrate sso with entra and Okta both ways. Get some free versions of github and confluence and other apps and set it up. Then you have a play lab with oidc saml oauth and ws-fed"  
[X Link](https://x.com/IAMERICAbooted/status/1926057424798056713)  2025-05-23T23:27Z [---] followers, [----] engagements


"I slept [--] of the last [--] hours. Guess I was tired"  
[X Link](https://x.com/IAMERICAbooted/status/1926368181905396197)  2025-05-24T20:02Z [---] followers, [---] engagements


"@emiliensocchi @zaab_it @stianstrysse @merill @SantasaloJoosua Each admin center has it's own RBAC. Exchange Fabric PowerBI Power Platform Purview Defender etc. Many of these roles are not managed in Entra"  
[X Link](https://x.com/IAMERICAbooted/status/1926667339652645321)  2025-05-25T15:51Z [---] followers, [---] engagements


"@emiliensocchi @zaab_it @stianstrysse @merill @SantasaloJoosua Microsoft is deprecating the way to do this anyway in January [----]. And no despite what the docs say it does not require Azure Key Vault"  
[X Link](https://x.com/IAMERICAbooted/status/1926677225551654932)  2025-05-25T16:30Z [---] followers, [---] engagements


"@MathematicaKen @proximityNZ FML requires MDE then Microshit"  
[X Link](https://x.com/IAMERICAbooted/status/1927865452803326135)  2025-05-28T23:11Z [---] followers, [--] engagements


"@UK_Daniel_Card I once copied and pasted the SAM SYSTEM and Security hives from and ADFS server to my endpoint that had both crowdstrike and Defender for Identity on it in an RDP session. Not alerts created (or so the customer said)"  
[X Link](https://x.com/IAMERICAbooted/status/1928014827336675337)  2025-05-29T09:05Z [---] followers, [----] engagements


"Did Victoria lose her secrets Victorias Secret takes down website after security incident - @serghei https://t.co/QFmCCNjBoy https://t.co/QFmCCNjBoy Victorias Secret takes down website after security incident - @serghei https://t.co/QFmCCNjBoy https://t.co/QFmCCNjBoy"  
[X Link](https://x.com/IAMERICAbooted/status/1928400831423844653)  2025-05-30T10:39Z [---] followers, [---] engagements


"Is Microsoft ready to hire me to run their prod tenant yet :P I'm ready but you all probably need a few more years"  
[X Link](https://x.com/IAMERICAbooted/status/1928954754257797425)  2025-05-31T23:20Z [---] followers, [----] engagements


"Harley just stole the rest of my pizza off the counter. [--] slices and she is just a 27lb dog LOL"  
[X Link](https://x.com/IAMERICAbooted/status/1928958888952357284)  2025-05-31T23:36Z [----] followers, [---] engagements


"A lot of people forget that there is a remediation phase post-incident that usually takes [--] months to a year after the incident. All those costs come out of budget. The IR response the lawyers the regulatory audits potential fines 3rd party legal fees restructuring etc. Look at the careers pages of orgs that just had an incident that ended up on the 6pm news. Suddenly an extra few million in budget for new roles. I would respond with a question: How are you calculating "incident" costs Are you including the damage to company reputation/goodwill Are you including costs of a crash program to"  
[X Link](https://x.com/IAMERICAbooted/status/1930050833019715666)  2025-06-03T23:55Z [---] followers, [----] engagements


"Do you know why you implement CIS Benchmark controls It's not that those pieces of the technology are not exploitable when the control is implemented. It's because the very large majority of them are Microsoft recommended controls AND they are peer reviewed . BY THE WORLD. In cloud you have a shared responsibility model. The lawyers can explain it to you if you don't understand. This is also why you have the Secure Scores in multiple portals"  
[X Link](https://x.com/anyuser/status/1930944790167785854)  2025-06-06T11:08Z [----] followers, [----] engagements


"Hey @NathanMcNulty what is the best way to apply different ASR configs to different device groups through Intune"  
[X Link](https://x.com/IAMERICAbooted/status/1930968680197726388)  2025-06-06T12:43Z [---] followers, [----] engagements


"@jonathanbourke @CynicLib I'll try another one with a different model"  
[X Link](https://x.com/IAMERICAbooted/status/1931443006680273050)  2025-06-07T20:07Z [---] followers, [--] engagements


"For my European friends shits about to get real in the US. LA is just a catalyst"  
[X Link](https://x.com/IAMERICAbooted/status/1931671579840160255)  2025-06-08T11:16Z [---] followers, [---] engagements


"If LLMs and LRMs can't handle converting language to descriptive statistics without error do you really think you can reliably apply inferential statistics to large data sets"  
[X Link](https://x.com/IAMERICAbooted/status/1931718189362098401)  2025-06-08T14:21Z [---] followers, [---] engagements


"The jury is out. What components of Attack Surface Reduction (ASR) require: [--]. Microsoft Defender for Endpoint [--]. Microsoft Defender Antivirus LLMs will have you believe Defender AV is required in active mode yet I cannot find this in the documention. For those who know this is a loaded question. Why It depends on how your infrastructure is architected. A few years ago when I stared learning ASR it was mostly configured through AD Group Policy. There were three ways o deploy it: [--]. SCCM [--]. AD Group Policy [--]. Intune There weren't requirements for Defender for Endpoint at that time. I don't"  
[X Link](https://x.com/IAMERICAbooted/status/1932023599797354563)  2025-06-09T10:34Z [---] followers, [----] engagements


"You have an on-prem AD environment and ASR is configured through Active Directory Group Policy. Is Defender AV required"  
[X Link](https://x.com/IAMERICAbooted/status/1932037737965588691)  2025-06-09T11:31Z [---] followers, 18.9K engagements


"It amazes me every day how Exchange is one of the most used technologies in the world yet people view it some mysterious taboo creature that isn't well documented 😆 Come'on everyone. go take apart some toasters. The world doesnt run on Dunkin' it runs on Exchange"  
[X Link](https://x.com/IAMERICAbooted/status/1933131028417093637)  2025-06-12T11:55Z [---] followers, [----] engagements


"Crowdstrike meet Google. Google meet Crowdstrike. Google links massive cloud outage to API management issue - @serghei https://t.co/joPwxJpnU0 https://t.co/joPwxJpnU0 Google links massive cloud outage to API management issue - @serghei https://t.co/joPwxJpnU0 https://t.co/joPwxJpnU0"  
[X Link](https://x.com/IAMERICAbooted/status/1933817395623104568)  2025-06-14T09:22Z [---] followers, [---] engagements


"C-Suite decides a technology I support is not meeting their needs. A decision is made to request a Microsoft SME without even talking to me first to present the new requests which have changed like [--] times over the past [--] months. Some of their requests are simple "download a report" or simple mail flow or DLP rules but they don't know that. Another part of the request is more complex and doesn't work accross operating systems and clients and doesn't follow the KISS methodology because the CEO didn't like it. As a result I had to spend a couple hours prepping the architect SME with details of"  
[X Link](https://x.com/anyuser/status/1933839857417113846)  2025-06-14T10:52Z [----] followers, 12K engagements


"Make no mistake US will continue to support Israel and has a common interest to disable Iran's nuclear functions. US has always had an interest in disabling Iran's nuclear efforts"  
[X Link](https://x.com/IAMERICAbooted/status/1933874027254161512)  2025-06-14T13:07Z [---] followers, [----] engagements


"Im taking a mental health day before I self-destruct and say things that will get me fired. Hope the weather is nice"  
[X Link](https://x.com/IAMERICAbooted/status/1934898723722527171)  2025-06-17T08:59Z [---] followers, [---] engagements


"I don't know who needs to hear this: if you can't do your work without an LLM you probably shouldn't be in that role because you will cause more harm than good"  
[X Link](https://x.com/anyuser/status/1934899777768169607)  2025-06-17T09:03Z [----] followers, [----] engagements


"@ChadWst Yes and making recommendations based on technologies they don't know. I can't take it anymore today"  
[X Link](https://x.com/IAMERICAbooted/status/1934902150527701394)  2025-06-17T09:13Z [---] followers, [---] engagements


"@the_abduco That is not the point. I use it every single day. The difference is I have the skills to interpret the information and know how to validate with vendor documentation and testing. Many people just use it blindly without the skills and that causes problems"  
[X Link](https://x.com/IAMERICAbooted/status/1935149675734044991)  2025-06-18T01:36Z [---] followers, [---] engagements


"@the_abduco The purpose for the LLM is to streamline work and increase productivity for SKILLED workers. It's not a substitute for the skills. Without the skills they are pretty useless"  
[X Link](https://x.com/IAMERICAbooted/status/1935150083978170755)  2025-06-18T01:38Z [---] followers, [--] engagements


"@drnimrod it ALWAYS depends. I've been taking too many Microsoft practice tests with LLMs :P You should pick the answer that makes the most sense"  
[X Link](https://x.com/IAMERICAbooted/status/1935155902400639113)  2025-06-18T02:01Z [---] followers, [---] engagements


"😆😆😆😆 I have a story from megabank. An internal pentest revealed a vuln in cloud that was PoC'd to get elevated access. It was mitigated. That mitigation later caused a month of work for about [--] highly paid people to figure out how to remove the mitigation safely. Head of compliance: how many things from last years pentest have been fixed Me: Head of compliance: how many things from last years pentest have been fixed Me:"  
[X Link](https://x.com/IAMERICAbooted/status/1935158054988792202)  2025-06-18T02:10Z [---] followers, [----] engagements


"after it was fixed by Microsoft ofc"  
[X Link](https://x.com/IAMERICAbooted/status/1935160137800454314)  2025-06-18T02:18Z [---] followers, [---] engagements


"If North Korea ends up being the reason I have to work from the office all the time I'm going to call Israel on them 😋 North Korean hackers deepfake execs in Zoom call to spread Mac malware - @billtoulas https://t.co/AY9SkEHe1f https://t.co/AY9SkEHe1f North Korean hackers deepfake execs in Zoom call to spread Mac malware - @billtoulas https://t.co/AY9SkEHe1f https://t.co/AY9SkEHe1f"  
[X Link](https://x.com/IAMERICAbooted/status/1935513297853218848)  2025-06-19T01:41Z [---] followers, [----] engagements


"I think corp life is not for me. Im tired of answering to people who don't know the technology and come to me when anything happens and ask me if I did something to cause it"  
[X Link](https://x.com/IAMERICAbooted/status/1936096229093785995)  2025-06-20T16:18Z [---] followers, [----] engagements


"That's it I'm retiring to argue with LLMs and become a full time phisherman. 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1936373004155400207)  2025-06-21T10:37Z [---] followers, [---] engagements


"LLMs/LRMs are created by humans with bias. They are capable of doing inferential statistics on a scale that humans cannot comprehend. They will infer our biases and behaviors by design. It's no surprise to me the behaviors they are capable of as pointed out by the Anthropic research. The MIT and Apple research on intellect degradation and performance are also not a surprise"  
[X Link](https://x.com/IAMERICAbooted/status/1936411095431880745)  2025-06-21T13:09Z [---] followers, [---] engagements


"A common misunderstanding in cloud is the concept of federation. Most organizations of any significant size or maturity especially those within the financial sectors and DIB use multiple identity providers for various use cases. Moreover sometimes they have federation chains with [--] different identity providers. To further complicate things sometimes they will have managed domains too. All these factors need to be considered when designing and testing architecture. Cloud-only does not matter here"  
[X Link](https://x.com/IAMERICAbooted/status/1936498468400365881)  2025-06-21T18:56Z [---] followers, [----] engagements


"We just bombed Iran. I saw a post several hours ago from a small news outlet covering middle east events that American bombers went dark over the Pacific. I just got an alert for breaking news that America bombed Iran's nuclear enrichment sites. Is this real"  
[X Link](https://x.com/IAMERICAbooted/status/1936580863493280159)  2025-06-22T00:23Z [---] followers, [----] engagements


"@cjk365 I've only seen a few cloud-only and they were small orgs. Large orgs have always been hybrid"  
[X Link](https://x.com/IAMERICAbooted/status/1936770989763043334)  2025-06-22T12:59Z [---] followers, [--] engagements


"Then people learn not to be a threat"  
[X Link](https://x.com/IAMERICAbooted/status/1936786406476480954)  2025-06-22T14:00Z [---] followers, [---] engagements


"I do always say that leadership is not the right role for me. This is a great example why 😆"  
[X Link](https://x.com/IAMERICAbooted/status/1936787746959306837)  2025-06-22T14:05Z [---] followers, [---] engagements


"Check out this handy dandy MFA Guide talking about AAL and FIPS from No Such Agency https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF"  
[X Link](https://x.com/IAMERICAbooted/status/1936921269552755085)  2025-06-22T22:56Z [---] followers, [----] engagements


"Thats not only wiild but incompetant imo. 100% would appeal that. They should read the documentation especially if you have managed device requirements and IP-Allow listing and Phishing defenses like antiphish policies or MTAs with antiphishing policies. Remember outside of basics you have to look at the whole picture and compensating controls are allowed. This is specifoc to NIST"  
[X Link](https://x.com/IAMERICAbooted/status/1936931610592493937)  2025-06-22T23:37Z [---] followers, [--] engagements


"@NathanMcNulty @merill @TechBrandon @rucam365 @SkipToEndpoint Omg ikr Yet it is a requirement boooo"  
[X Link](https://x.com/IAMERICAbooted/status/1936954243384054243)  2025-06-23T01:07Z [---] followers, [---] engagements


"Attention Authentication Nerds: if you are in the DIB vertical what is the required NIST 800-63 AAL Level for a CIAM like solution with no licensing applied except for [--] SaaS app that doesnt have fedramp high requirements and the user base is segregated Does anyone have experience with a 3PAO in this situation and are compensating controls a factor here Cc @merill do you have any docs about this"  
[X Link](https://x.com/IAMERICAbooted/status/1937104165932552294)  2025-06-23T11:03Z [---] followers, [----] engagements


"Does anyone know of an AI solution where I can describe an architecture or authentication flow at the protocol level and it will create a video clip of the flow"  
[X Link](https://x.com/IAMERICAbooted/status/1937460727880851926)  2025-06-24T10:40Z [---] followers, [----] engagements


"Theres probably so much deprecated junk in Exchange that never gets retired just itching to be exploited but nobody reads technical specifications anymore. People crack me up thinking it's something different than plain old exchange and hacktive directory under the hood. Another one probably full of goodies for bored hackers is Power Platform which is just an abstraction of Microsoft Dynamics under the hood. Have you worked with Microsoft Dynamics It looks like it was built in the 90s :p"  
[X Link](https://x.com/IAMERICAbooted/status/1938418402533552237)  2025-06-27T02:05Z [---] followers, [----] engagements


"@fabian_bader @_dirkjan This is so cool thank you for sharing Fabian. When will your Troopers talk come out Will there be slides or a paper I can access before they release the talk Or must I wait patiently"  
[X Link](https://x.com/IAMERICAbooted/status/1938438927553118551)  2025-06-27T03:27Z [---] followers, [---] engagements


"Who can tell my why embedded videos in Office docs opens up a big security gap and what that security gap is I'll grab some breakfast in the meantime. Take your time. :p"  
[X Link](https://x.com/IAMERICAbooted/status/1938554487259513227)  2025-06-27T11:06Z [---] followers, [----] engagements


"Honestly I kind of like how Microsoft is currently pushing naughty vendors out of the game. That's a bold move. I like it"  
[X Link](https://x.com/IAMERICAbooted/status/1938752380696195510)  2025-06-28T00:12Z [---] followers, [---] engagements


"Im going to have to implement a change this year that users will not like. The change is for an upcoming compliance requirement. I cant tell you what the change is. How should I prepare users for the upcoming change so that they have an opportunity to get used to it first Office hours Public team Weekly communications Request for testers Other ideas"  
[X Link](https://x.com/IAMERICAbooted/status/1939007276481671424)  2025-06-28T17:05Z [---] followers, [----] engagements


"@DylanInfosec Oh definitely. I phase in users. I never apply an org wide change without lots of planning and review boards if I can help it. I usually start with me then my team then IT then CIO org then phase in groups. Its one thing I learned at Lamium :p"  
[X Link](https://x.com/IAMERICAbooted/status/1939011428607807508)  2025-06-28T17:22Z [---] followers, [--] engagements


"Synthetic data AI model training coming soon. ahem I mean here Enjoy the fake world you've all created 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1939271858186031258)  2025-06-29T10:36Z [---] followers, [---] engagements


"During self reflection this morning Im going to create a goal to work a maximum of [--] hours per week including reading. This is going to be very hard for me. Ok how am I going to do this: [--]. Log off by 7pm. [--]. Login no earlier than 8am. [--]. Morning walk of [--] hour. [--]. [--] hour per day for cleaning. [--]. Maximum of [--] hours per week of extra reading. Help me be accountable to myself. Feel free to ask me if Im making my goal this week. I struggle with discipline in this area"  
[X Link](https://x.com/IAMERICAbooted/status/1939315192841556196)  2025-06-29T13:29Z [---] followers, [----] engagements


"The ultimate IT challenge is upon me: configure the CEOs new device make it CMMC [--] compliant and ensure it provides the user experience that is sufficient. This could be a resume generating event but the experience is priceless. 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1940379057126093269)  2025-07-02T11:56Z [----] followers, [----] engagements


"If your vendors are telling you that their applications will not work without sites.fullcontrol.all you need to find new vendors. Why They do not care about your security and compliance requirements AND they are screaming incompetence. For people supporting SharePoint and application integrations I want to make sure you understand something about API permissions for SharePoint and Graph: When you give an application sites.fullcontrol.all application permissions you are transferring ownership of your entire For people supporting SharePoint and application integrations I want to make sure you"  
[X Link](https://x.com/IAMERICAbooted/status/1940747431513411813)  2025-07-03T12:20Z [----] followers, 11.9K engagements


"I wonder how many orgs have unvetted "AI" solutions with sites.fullcontrol.all SharePoint Online integrations. 😆 Im fairly certain most orgs dont even know where to begin with vetting "AI" integrations 😆 "Here fancy "AI" maker: you can have all of our intellectual property proprietary information controlled data whatever you want We dont care how your AI integrations are using our data on the backend and what comingling is occurring with our data sets that will devalue our business""  
[X Link](https://x.com/IAMERICAbooted/status/1940758284262109510)  2025-07-03T13:03Z [----] followers, [----] engagements


"For those that don't know statistics this is case study with descriptive results that cannot make inferences. Attempting to design a controlled statistical analysis study with LLM/LRMs will come with many challenges due to the way models are designed on the backend. @Beareka https://t.co/R0DNwKfbWz @Beareka https://t.co/R0DNwKfbWz"  
[X Link](https://x.com/IAMERICAbooted/status/1940940101200031915)  2025-07-04T01:05Z [----] followers, [---] engagements


"Yet another one: "successfully targeted a 3rd party supplier" How many more real-world examples do people need before they start taking this seriously https://www.forbes.com/sites/daveywinder/2025/07/03/fbi-2fa-bypass-warning-issued---the-attacks-have-started/ https://www.forbes.com/sites/daveywinder/2025/07/03/fbi-2fa-bypass-warning-issued---the-attacks-have-started/"  
[X Link](https://x.com/IAMERICAbooted/status/1940968014201188661)  2025-07-04T02:56Z [----] followers, [---] engagements


"I used Scratch too to learn object oriented programming by building simple games. Not sure if its still around but this was one of the first solutions in low code citizen development https://interestingengineering.com/culture/teenager-rewrites-microsoft-bug-bounty-rules https://interestingengineering.com/culture/teenager-rewrites-microsoft-bug-bounty-rules"  
[X Link](https://x.com/IAMERICAbooted/status/1941107791525192190)  2025-07-04T12:12Z [----] followers, [---] engagements


"It depends on how it's implemented. This would only be one stage of a higher fidelity detection. There would be other common events created around this one. Any unsigned image load should be detected and corroborated with other surrounding detections. Machine learning does something similar by assigning weights to events based on surrounding conditions and machine baselining. This is also why CrowdStrike can catch some not all zero days. Elastic really flags on any unsigned executable calling NtAllocateVirtualMemory with RWX permissions. Regardless of direct or indirect syscalls. And NtAlloc"  
[X Link](https://x.com/IAMERICAbooted/status/1941115500408250869)  2025-07-04T12:42Z [----] followers, [---] engagements


"@gossy_84 Exactly. It's a lot easier these days with the amount of research available to everyone"  
[X Link](https://x.com/IAMERICAbooted/status/1941175428489806046)  2025-07-04T16:41Z [----] followers, [--] engagements


"@gossy_84 Microsoft has been recommending to enforce smb signing for [--] years yet Ive yet to see one place who does. Ive seen it spot enforced on a small amount of servers but I can still find places to relay"  
[X Link](https://x.com/IAMERICAbooted/status/1941175959870455970)  2025-07-04T16:43Z [----] followers, [--] engagements


"Well if I get fired from this job (I hope that's not the case) I'm going to be a fucking beast in offsec again"  
[X Link](https://x.com/IAMERICAbooted/status/1941477129239265611)  2025-07-05T12:39Z [----] followers, [---] engagements


"@jgmac1106 😆 🤣 😆 🤣 China's no joke. I see those fuckers compete in zero day competitions and used to read research from Chinese researchers. People think I get in the weeds. Nope. Compared to them I'm super high level"  
[X Link](https://x.com/IAMERICAbooted/status/1941477777385062587)  2025-07-05T12:42Z [----] followers, [--] engagements


"I cant remember a summer quite like [----]. That was a wild year in offsec"  
[X Link](https://x.com/IAMERICAbooted/status/1941507678486114543)  2025-07-05T14:41Z [----] followers, [---] engagements


"The summer of domain privilege escalations and severe vulnerabilities that Microsoft wouldn't acknowledge or patch for at least [--] weeks. Then when they did release the patches they extra steps that admins had to perform to completely remediate the bugs which is why we see PrintNightmare today. Additionally it wasn't coming up on vuln scans 😆 😆 😆 😆"  
[X Link](https://x.com/IAMERICAbooted/status/1941508523126370556)  2025-07-05T14:44Z [----] followers, [---] engagements


"That outage exposed all their big customers on down detector. Now threat actors know what orgs (most orgs anyway) that use Crowdstrike. Were [--] weeks out from the anniversary of the infamous July 19th Crowdstroke outage and Ive got something really fun cooking you wont want to miss out on Hope youre ready for festivities. Were [--] weeks out from the anniversary of the infamous July 19th Crowdstroke outage and Ive got something really fun cooking you wont want to miss out on Hope youre ready for festivities"  
[X Link](https://x.com/IAMERICAbooted/status/1941510328099151905)  2025-07-05T14:51Z [----] followers, [---] engagements


"Interesting Exchange is the father of hacktive directory and comes with thousands of pages of its own technical specifications yet here we have a .Net deserialization. The world doesn't live on Dunkin it lives on Exchange https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.htmlm=1 https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.htmlm=1"  
[X Link](https://x.com/IAMERICAbooted/status/1941517599717900543)  2025-07-05T15:20Z [----] followers, [----] engagements


"And now im craving dunkin donuts :p"  
[X Link](https://x.com/IAMERICAbooted/status/1941523702048506259)  2025-07-05T15:44Z [----] followers, [---] engagements


"Your confirmation bias when using LLMs will lead you astray. LLMs are only as good as the skills of the person at the prompt"  
[X Link](https://x.com/IAMERICAbooted/status/1941540699465482466)  2025-07-05T16:52Z [----] followers, [----] engagements


"For your Global Admin and Privileged Role Admins if you want to implement an approval process for PIM below is a screenshot of the setting. I understand there is some controversy around this setting. As a previous offsec practitioner in Microsoft Cloud I recommend this coupled with the following mitigations: [--]. Managed Device Requirement [--]. Approved Named Location [--]. Authentication Context Your Global Admins should be having a conversation with another Global Admin when they need to elevate the role for approved work. Access reviews quarterly is not enough in my opinion. Checking on your PAWS"  
[X Link](https://x.com/anyuser/status/1941619347346071748)  2025-07-05T22:05Z [----] followers, 13.1K engagements


"Yep exactly. Do you know how many times I had to fight with the LLM you make that script above It told me several times what I wanted to do couldn't be done. It took about [--] revisions. When getting answers from LLMs and basing them on truth without understanding the underlying concept will cause you trouble like it has for me several times before"  
[X Link](https://x.com/IAMERICAbooted/status/1941821670727041220)  2025-07-06T11:28Z [----] followers, [--] engagements


"I worked with this guy at megabank that I didn't like. Everyone else there was pretty cool. This guy bragged about his [--] years of experience and was pitching doing threat models in [--] minutes to executive directors yet he couldn't tell me a thing about oauth oidc or saml. Who here sees the problem besides me"  
[X Link](https://x.com/IAMERICAbooted/status/1941835699340050812)  2025-07-06T12:24Z [----] followers, [----] engagements


"If I was an executive director and he came to me with that crap we would be suddenly restructuring our dept and he would get laid off"  
[X Link](https://x.com/IAMERICAbooted/status/1941836314006966375)  2025-07-06T12:27Z [----] followers, [---] engagements


"The fact that GPTs give you responses like "You're **absolutely** right" when you counter argue any response should give you pause"  
[X Link](https://x.com/IAMERICAbooted/status/1941920921721147629)  2025-07-06T18:03Z [----] followers, [----] engagements


"@MathematicaKen @drnimrod Power platform will throw DLP errors sometimes when it's not DLP at all. It's usually a permissions issue or a connector that's not configured right or had known limitations in my experience. Microsoft ticket usually helps resolve those :)"  
[X Link](https://x.com/IAMERICAbooted/status/1942515698787332416)  2025-07-08T09:26Z [----] followers, [--] engagements


"@v1ral_dogenes Sometimes I wish I was afraid of being fired. But I lost all my fucks a l9ng time ago"  
[X Link](https://x.com/IAMERICAbooted/status/1943779400723427520)  2025-07-11T21:08Z [----] followers, [---] engagements


"I really miss helping small and medium size businesses with security in Microsoft Cloud. I miss Hacktive Directory too but not bevause it's easy to secure. It's practically impossible in older orgs and you have to pick the things that will have the most impact and benefits to the organization. Helping small and medium size businesses is not very rewarding monetarily but the outcomes are really fulfilling. They really appreciate your help and you have the ability to have huge impacts on their security. Experiencing incidents as a small organization can destroy their ability to make it. I"  
[X Link](https://x.com/IAMERICAbooted/status/1943853182104297917)  2025-07-12T02:01Z [----] followers, [----] engagements


"https://cybersecuritynews-com.cdn.ampproject.org/v/s/cybersecuritynews.com/palo-alto-networks-globalprotect-vulnerability/amp/amp_gsa=1&_js_v=a9&usqp=mq331AQIUAKwASCAAgM%3D#amp_tf=From%20%251%24s&aoh=17523679766990&csi=1&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fcybersecuritynews.com%2Fpalo-alto-networks-globalprotect-vulnerability%2F"  
[X Link](https://x.com/IAMERICAbooted/status/1944199114264023165)  2025-07-13T00:56Z [----] followers, [----] engagements


"Without thinking about it too much: what are [--] of your favorite songs that you can listen to over and over again [--]. Bohemian Rhapsody - Queen [--]. The Sounds of Silence - Disturbed [--]. I Can't Feel My Face - Weeknd [--]. Bittersweet Symphony - The Verve [--]. New Born - Muse"  
[X Link](https://x.com/IAMERICAbooted/status/1944420575079755886)  2025-07-13T15:36Z [----] followers, [----] engagements


"I think 3rd party assessments are needed everywhere. There's a lot of things that people seem to purposely ignore and will say they forgot about if it comes up. Security is hard and causes a lot of challenges. People who are not very tenured will give up and find ways around implementing proper controls"  
[X Link](https://x.com/IAMERICAbooted/status/1945091599345549762)  2025-07-15T12:02Z [----] followers, [--] engagements


"Im troubleshooting a difficult problem at work for [--] weeks. Everyone is saying it is a session timer issue without investigating log evidence. The session timers have not changed since far before the problem began. 😑"  
[X Link](https://x.com/IAMERICAbooted/status/1945549187761807512)  2025-07-16T18:20Z [----] followers, [---] engagements


"Hey @grok why should people leave their cybercage go outside pick some flowers and avoid AI"  
[X Link](https://x.com/IAMERICAbooted/status/1946540902488395879)  2025-07-19T12:01Z [----] followers, [---] engagements


"@jgmac1106 The skills gap is fucking too real for my comfort"  
[X Link](https://x.com/IAMERICAbooted/status/1946574201512431656)  2025-07-19T14:13Z [----] followers, [--] engagements


"Hey @grok Can current LRMs process natural language into multi-dimensional arrays for self-writing programs on the fly without error"  
[X Link](https://x.com/IAMERICAbooted/status/1946586095908528301)  2025-07-19T15:01Z [----] followers, [---] engagements


"@grok Hey @grok Then why can't Perplexity and ChatGPT accurately score the Microsoft certification practice tests from Microsoft that it constantly fails if it's so "accurate" Why can't it account for errors in strings with special characters"  
[X Link](https://x.com/IAMERICAbooted/status/1946587398722224145)  2025-07-19T15:06Z [----] followers, [--] engagements


"Hey @grok where are you getting this data from I have validated this myself as have other people with the results being between 58-60% every time. Additionally if tokenization problems exist in strings how will that affect agentic AI when reading large data sets with special character injections that result from data transmission errors"  
[X Link](https://x.com/IAMERICAbooted/status/1946588465841229874)  2025-07-19T15:10Z [----] followers, [--] engagements


"Hey @grok what statistics exist for LRMs taking Microsoft practice tests for MS-102 If these models cannot pass a Microsoft certification of the basic knowledge to manage infrastructure how will they be able to manage a complex infrastructure with vast integrations with APIs and assess risks of actions"  
[X Link](https://x.com/IAMERICAbooted/status/1946591734231605731)  2025-07-19T15:23Z [----] followers, [--] engagements


"If you knew you were going to die in [--] years what things would you want to do/experience before that day comes"  
[X Link](https://x.com/IAMERICAbooted/status/1946600800643412288)  2025-07-19T15:59Z [----] followers, [----] engagements


"@DeeOakster Then they were doing it wrong. It's clearly stated in CMMC compliance"  
[X Link](https://x.com/IAMERICAbooted/status/1946606047365341298)  2025-07-19T16:20Z [----] followers, [---] engagements


"@DeeOakster CM.L2-3.4.2 Security Configuration Enforcement CM.L2-3.4.2 System Change Management"  
[X Link](https://x.com/IAMERICAbooted/status/1946610120575566233)  2025-07-19T16:36Z [----] followers, [---] engagements


"https://www-bleepingcomputer-com.cdn.ampproject.org/v/s/www.bleepingcomputer.com/news/security/microsoft-teams-voice-calls-abused-to-push-matanbuchus-malware/amp/amp_gsa=1&_js_v=a9&usqp=mq331AQGsAEggAID#amp_tf=From%20%251%24s&aoh=17529447677801&csi=0&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmicrosoft-teams-voice-calls-abused-to-push-matanbuchus-malware%2F"  
[X Link](https://x.com/IAMERICAbooted/status/1946618107490877842)  2025-07-19T17:08Z [----] followers, [---] engagements


"https://www.youtube.com/watchv=5GEoaC_g-Wk https://www.youtube.com/watchv=5GEoaC_g-Wk"  
[X Link](https://x.com/IAMERICAbooted/status/1946764469318607162)  2025-07-20T02:49Z [----] followers, [---] engagements


"@jgmac1106 @ITguySoCal @NathanMcNulty And its not a recommendation. I'll leave it to you to do your own work and conclude why"  
[X Link](https://x.com/IAMERICAbooted/status/1947245589214658761)  2025-07-21T10:41Z [----] followers, [--] engagements


"The finance department is the root of all evils. For every user experience complaint I get from now on I'll refer them to the CFO 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1947859760818028850)  2025-07-23T03:22Z [----] followers, [---] engagements


"@DecryptedTech Exactly. The real story here if any is not .gov"  
[X Link](https://x.com/IAMERICAbooted/status/1947976800551989298)  2025-07-23T11:07Z [----] followers, [--] engagements


"@DebugPrivilege It's probably because decommissioning them has been hanging out in backlogs for years :p"  
[X Link](https://x.com/IAMERICAbooted/status/1948168318533169573)  2025-07-23T23:48Z [----] followers, [---] engagements


"What's new and exciting Anything interesting happen the past couple days"  
[X Link](https://x.com/IAMERICAbooted/status/1948534664450224333)  2025-07-25T00:04Z [----] followers, [---] engagements


"@arpeyton Ikr Most orgs dont know the difference between the CSP and RP :p If we count those I will need to make a new poll"  
[X Link](https://x.com/IAMERICAbooted/status/1948739810811605354)  2025-07-25T13:39Z [----] followers, [--] engagements


"I have 15k in paper checks sitting on my counter that I forgot to cash. Oops"  
[X Link](https://x.com/IAMERICAbooted/status/1949866251901133250)  2025-07-28T16:15Z [----] followers, [---] engagements


"Might as well learn Google Cloud. I'm coming after your "guardrails" and am going to have your AI do all my work for me 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1949948802086875534)  2025-07-28T21:43Z [----] followers, [---] engagements


"In my experience testing that once moved to the personal onedrive address the label could not be downgraded. But if they have interactive access to an endpoint they can just downgrade labels anyway as the compromised user and exfiltrate them unless you dont allow users to downgrade labels"  
[X Link](https://x.com/IAMERICAbooted/status/1949989009662390728)  2025-07-29T00:23Z [----] followers, [---] engagements


"@IceSolst Also: There's no evidence of intrusions because we have the logs but we dont know what the information in them means"  
[X Link](https://x.com/IAMERICAbooted/status/1949996823361269825)  2025-07-29T00:54Z [----] followers, [---] engagements


"I now have more experience than I ever wanted to have with finding and fixing authentication loops. This sucked a month of my life away from me. BUT the silver lining I now know Okta pretty well Moreso than I ever wanted to know. [--] month loops found and solved: [--]. Product integration change that went awry. Oopsie caused small prod outage. [--]. Backend system flag enabled by Okta support [--]. VPN authentication policy rule [--]. Second VPN authentication policy rule . lead to discover more vulnerabilities [--]. Global session timers [--]. Session frequency timers on multiple rules [--]. Lack of device"  
[X Link](https://x.com/IAMERICAbooted/status/1950385345834492048)  2025-07-30T02:37Z [----] followers, [----] engagements


"@blindpete Thank you"  
[X Link](https://x.com/IAMERICAbooted/status/1950480096147501222)  2025-07-30T08:54Z [----] followers, [--] engagements


"@Slav636 The logs are where I have learned the most in M365"  
[X Link](https://x.com/IAMERICAbooted/status/1950704607623356835)  2025-07-30T23:46Z [----] followers, [--] engagements


"@Slav636 And Okta now too"  
[X Link](https://x.com/IAMERICAbooted/status/1950704737591898537)  2025-07-30T23:47Z [----] followers, [--] engagements


"Couple things: Ok this is not usually what we think of when we say AITM which usually refers to reverse proxy phishing for credentials and MFA claims to relay tokens. I'm wondering if it was a double dip attack. I will have to read more closely as I mostly glanced through this. I used to purple team these attacks so I'm very familiar with them. It was very hard to get org to change the tenant-wide settings requiring admin consent otherwise. This attack is an illicit consent (at least part of it). In commercial clouds Microsoft is making a global change to require admin consent for all"  
[X Link](https://x.com/IAMERICAbooted/status/1951050011099496803)  2025-07-31T22:39Z [----] followers, [----] engagements


"It's important to remember that Microsoft is putting the onus on you now. If you don't do it right you will be responsible according to the SLA. The reality is the SLA is what's causing Microsoft's Secure Future Intiative due to insecure defaults"  
[X Link](https://x.com/IAMERICAbooted/status/1951052328938905847)  2025-07-31T22:48Z [----] followers, [---] engagements


"One thing you can do now is train your admins not to consent to apps that are not a verified publisher. While malicious apps with a verified publisher still exist the risk is much lower. Couple things: Ok this is not usually what we think of when we say AITM which usually refers to reverse proxy phishing for credentials and MFA claims to relay tokens. I'm wondering if it was a double dip attack. I will have to read more closely as I mostly glanced through Couple things: Ok this is not usually what we think of when we say AITM which usually refers to reverse proxy phishing for credentials and"  
[X Link](https://x.com/IAMERICAbooted/status/1951054541060722934)  2025-07-31T22:57Z [----] followers, [---] engagements


"What is the minimum dollar amount you would accept as an independent consultant (1099) to perform an engagement which includes: [--]. Cloud pentest using Power Platform components with ceded access in an assumed breach scenario [--]. External pentest of [--] publicly facing apps [--] k 10-18k 24k 18-24k [--] k 10-18k 24k 18-24k"  
[X Link](https://x.com/IAMERICAbooted/status/1951106561654354083)  2025-08-01T02:23Z [----] followers, [----] engagements


"@ScotADeWerth Can't say I have or I don't recall at the moment. Are you talking Azure or Entra Or it Teams based I did some Teams based attacks with Guests before but it was because the tenant settings were horrible. Guests could invite other Guests. It was wild"  
[X Link](https://x.com/IAMERICAbooted/status/1951139515621372008)  2025-08-01T04:34Z [----] followers, [--] engagements


"Bimodal curve means: A represents the consultant who's moonlighting C represents the company who's 1099ing the moonlighter. You might want to think about that :P"  
[X Link](https://x.com/IAMERICAbooted/status/1951259635521871894)  2025-08-01T12:32Z [----] followers, [---] engagements


"Good morning world Anyone need a global admin for M365 (every admin center: Entra Admin Intune Exchange Purview Security Teams SharePoint/OneDrive Apps Admin Center and Power Platform) with experience in IAM including federation design and implementation SSO app integrations hybrid or cloud-only solutions architecture security engineering and architecture threat modeling Active Directory purple teaming security assessments penetration testing build from greenfield EDR Proofpoint Okta SSPM SIEM compliance frameworks across verticals and many other technologies within the infrastructure I have"  
[X Link](https://x.com/anyuser/status/1951261073585176758)  2025-08-01T12:37Z [----] followers, 10.2K engagements


"@ilmaestro7 Architects should not be designing without appropriate testing and adequate knowledge of the technologies being used"  
[X Link](https://x.com/IAMERICAbooted/status/1951287342318092374)  2025-08-01T14:22Z [----] followers, [---] engagements


"@reprise_99 I'd also check certificate stores"  
[X Link](https://x.com/IAMERICAbooted/status/1951423075813056781)  2025-08-01T23:21Z [----] followers, [---] engagements


"Microsoft's Zero Trust workshops are the best thing they've produced for customers ever in my open. I absolutely love everything about this project and it has helped me so much when consulting to cover as much as possible in a short time. After running 150+ Zero Trust workshops with Fortune [---] companies Microsoft's customer experience architects dropped some truth bombs on my podcast. "60% of what we find customers already know. 40% is something that surprises someone in the room." - Ramiro Calderon https://t.co/ccD59wYp0F After running 150+ Zero Trust workshops with Fortune [---] companies"  
[X Link](https://x.com/anyuser/status/1951621252600189274)  2025-08-02T12:29Z [----] followers, [----] engagements


"Great words from @merill "Zero Trust is not just product based. It's working together." https://entra.news/p/the-zero-trust-mistakes-90-of-companies https://entra.news/p/the-zero-trust-mistakes-90-of-companies"  
[X Link](https://x.com/IAMERICAbooted/status/1951634039015645385)  2025-08-02T13:19Z [----] followers, [---] engagements


"@CheddarB0b42 no budget == more hacks :P"  
[X Link](https://x.com/IAMERICAbooted/status/1951793889867870355)  2025-08-02T23:55Z [----] followers, [--] engagements


"@timinbrum I have learned that when working as a FTE in a security role for one org to avoid the "s" word wherever possible"  
[X Link](https://x.com/IAMERICAbooted/status/1951944626660679949)  2025-08-03T09:53Z [----] followers, [--] engagements


"@MathematicaKen @Sebocat You can require a strong bitlocker key instead"  
[X Link](https://x.com/IAMERICAbooted/status/1952006869754507386)  2025-08-03T14:01Z [----] followers, [--] engagements


"Bloodhound now maps how to get to Snowflake. Now we just need SharePoint Confluence Box and backups 😋"  
[X Link](https://x.com/IAMERICAbooted/status/1952102490067095770)  2025-08-03T20:21Z [----] followers, [----] engagements


"It's really not that hard. Test it in dev to get a PoC. Demo it to gain buy in. Create a pilot. Do small pilot expansions. Phase into prod to avoid overwhelming the help-desk. Enlist champions in each group/department you roll it out to to help relieve you and the help desk of questions"  
[X Link](https://x.com/IAMERICAbooted/status/1952318646996349059)  2025-08-04T10:40Z [----] followers, [--] engagements


"@mfsquiiid It used to be Microsoft documentation. You might be able to find some stuff in Server [----] [-----] docs. Google dorks are your friend here with site:*.microsoft.com affixed"  
[X Link](https://x.com/IAMERICAbooted/status/1952382450715296168)  2025-08-04T14:53Z [----] followers, [--] engagements


"@ethanadoor @CynicLib Then why can you use some graph tokens with Azure Management api"  
[X Link](https://x.com/IAMERICAbooted/status/1952483378735038559)  2025-08-04T21:34Z [----] followers, [--] engagements


"As for initial access that's BS. All it allows you to do is spoof an internal domain. You still have to get malware links or attachments past DFO the nextgen firewalls EDR Screen RBIs browsing protections and DFCA for anything that WILL give you real initial access. I would consider this more in line with a medium impact defense evasion. Again Im not saying it's not an issue and you shouldn't address it. Im not saying that it wont improve the likelihood of other components of an attack to work. I'm saying that you should assess the impacts and exercise your security team for detection and"  
[X Link](https://x.com/IAMERICAbooted/status/1952597726253781490)  2025-08-05T05:09Z [----] followers, [--] engagements


"@egosumdns @0x64616e People like to scream about initial access without ever having done it before. Those who have (me) know its not that simple"  
[X Link](https://x.com/IAMERICAbooted/status/1952598051132158416)  2025-08-05T05:10Z [----] followers, [--] engagements


"I wish more people in general understood how difficult it is to gain buy in to perform the changes necessary to secure the infrastructure. I wish more entrants to cybersecurity understood how intellectually challenging succeeding in Defense is. I wish more entrants to cybersecurity understood how intellectually challenging succeeding in Defense is"  
[X Link](https://x.com/IAMERICAbooted/status/1953161365436416162)  2025-08-06T18:28Z [----] followers, [----] engagements


"This is why in Entra you need authentication contexts and in Okta you have to select configurations that don't allow downgrade to other methods. Phishlet designed for the Evilginx framework aiming to enhance phishing campaigns against Office [---] (O365) environments. It specifically targets the Windows Hello for Business authentication method https://t.co/8VWCuG1PRu Phishlet designed for the Evilginx framework aiming to enhance phishing campaigns against Office [---] (O365) environments. It specifically targets the Windows Hello for Business authentication method https://t.co/8VWCuG1PRu"  
[X Link](https://x.com/IAMERICAbooted/status/1953267116905230701)  2025-08-07T01:29Z [----] followers, [----] engagements


"Mmhmm. Social engineering will never go away. It will only get worse in the age of AI. Google Discloses Salesforce Hack https://t.co/3aWduqUVnG Google Discloses Salesforce Hack https://t.co/3aWduqUVnG"  
[X Link](https://x.com/IAMERICAbooted/status/1953271842111988029)  2025-08-07T01:47Z [----] followers, [---] engagements


"@Nekunekus My workday will be [--] hours and they can refer to the documentation and emails I provided at an earlier date :P"  
[X Link](https://x.com/IAMERICAbooted/status/1953294981147287931)  2025-08-07T03:19Z [----] followers, [--] engagements


"Hmmm 🤔 I might apply This is an amazing opportunity. Microsoft is looking for a Security Operations Engineer II based in Redmond WA The role is in the Identity & Access Management (IAM) Protect team that manages Entra tenants for all Microsoft Cloud. Apply here https://t.co/RX3AGFAgGI This is an amazing opportunity. Microsoft is looking for a Security Operations Engineer II based in Redmond WA The role is in the Identity & Access Management (IAM) Protect team that manages Entra tenants for all Microsoft Cloud. Apply here https://t.co/RX3AGFAgGI"  
[X Link](https://x.com/IAMERICAbooted/status/1953596099018776634)  2025-08-07T23:16Z [----] followers, [----] engagements


"@arpeyton I'm asking for 250k :p"  
[X Link](https://x.com/IAMERICAbooted/status/1953622838058864794)  2025-08-08T01:02Z [----] followers, [---] engagements


"So here is what I've learned in my escapades of the last year working in defensive roles focused on configuration based vulnerabilities: Do NOT sign up for this LOL. Be an admin/cloud engineer whatever they call it and just build the security in it for them without mentioning the "s" word. People won't understand what you're doing anyway but you'll be a lot safer and get to do more fun stuff. Most admins don't have the skills in security but YOU have the skills in both. I've seen this across organizations in all my experience"  
[X Link](https://x.com/IAMERICAbooted/status/1954166545107550336)  2025-08-09T13:03Z [----] followers, [---] engagements


"@jfishfishfish There are a lot of tenant wide settings that can impact functionality that Microsoft's SMEs don't even understand"  
[X Link](https://x.com/IAMERICAbooted/status/1954606466973016564)  2025-08-10T18:11Z [----] followers, [--] engagements


"@jfishfishfish If you don't have someone dedicated to Purview ALL THE TIME it's not very easy to work it. It requires a ton of tuning and testing for DLP"  
[X Link](https://x.com/IAMERICAbooted/status/1954606929679990954)  2025-08-10T18:13Z [----] followers, [--] engagements


"6 places I check when I'm reviewing a company's external footprint and tech stack to get a basic understanding of the architecture: [--]. [--]. [--]. [--]. [--]. LinkedIn [--]. Careers Go check these things to see what others look at. It usually takes me less than [--] hour. http://crt.sh http://virustotal.com http://dnsdumpster.com http://aadinternals.com/osint http://crt.sh http://virustotal.com http://dnsdumpster.com http://aadinternals.com/osint"  
[X Link](https://x.com/anyuser/status/1954628686914756814)  2025-08-10T19:39Z [----] followers, 25.4K engagements


"yep 100% agree For example Crowdstrike is a superior product and is easier to use. MDE requires a lot more operationally overhead and skill to use it effectively. That's why the overwhelming majority of orgs use Crowdstrike. We saw just how vast their market share is last year :P"  
[X Link](https://x.com/IAMERICAbooted/status/1954648226554065185)  2025-08-10T20:57Z [----] followers, [---] engagements


"@Syndikalist Most of the world uses Crowdstrike. :D"  
[X Link](https://x.com/IAMERICAbooted/status/1954651780664414489)  2025-08-10T21:11Z [----] followers, [--] engagements


"If you're ever on a red team and you get compliance admin you now have access to all data in the tenant. It's a severe compromise. Also Purview roles almost never require PIM ;) Check them out if you haven't already"  
[X Link](https://x.com/IAMERICAbooted/status/1954715579241451983)  2025-08-11T01:24Z [----] followers, 12.6K engagements


"@DylanInfosec @bettersafetynet You can move through Azure with just a reader role ;)"  
[X Link](https://x.com/IAMERICAbooted/status/1954877718329483521)  2025-08-11T12:09Z [----] followers, [--] engagements


"@dinodaizovi This post was about Microsoft Purview. Fun fact Microsoft Compliance Admins and Security Admins can also setup Connectors to all your other cloud resources like your ERP your other IdPs your HR apps Comms tools Salesforce etc"  
[X Link](https://x.com/IAMERICAbooted/status/1954899161926554096)  2025-08-11T13:34Z [----] followers, [---] engagements


"@notajungman And thats why its last on the list Certificates dns and all the other stuff above give you tons of real data lol"  
[X Link](https://x.com/IAMERICAbooted/status/1955306879216652458)  2025-08-12T16:34Z [----] followers, [---] engagements


"You discover a super admin is logging in to M365 as a service account of the IdP with User Admin rights and performing actions that cannot be traced back to their name other than the logins were linked to their device and IPs. How would you handle that situation Documented Incident Incident with Wrtie-Up Do nothing yolo Fired Documented Incident Incident with Wrtie-Up Do nothing yolo Fired"  
[X Link](https://x.com/IAMERICAbooted/status/1955358868781011299)  2025-08-12T20:00Z [----] followers, [---] engagements


"@NaisuBanana it was way better with splunk. the xdr interface during investigations sucks as well"  
[X Link](https://x.com/IAMERICAbooted/status/1955380994007241168)  2025-08-12T21:28Z [----] followers, [--] engagements


"😂😂😂😂😂 good'ol KMSI For all you federated orgs with Okta don't get it twisted. KMSI in Okta and Entra do completely different things. In Okta if you don't know what you're doing you will get some gnarly authentication loops. This button actually does nothing :( https://t.co/FIEqYMcLuY This button actually does nothing :( https://t.co/FIEqYMcLuY"  
[X Link](https://x.com/IAMERICAbooted/status/1955448753176957370)  2025-08-13T01:58Z [----] followers, [---] engagements


"ChatGPT is now asking me if I like it's personality. 😐 Does anyone besides me see the problems with this"  
[X Link](https://x.com/IAMERICAbooted/status/1955451225216082195)  2025-08-13T02:07Z [----] followers, [--] engagements


"ChatGPT is now asking me if I like its personality. 😐 Does anyone besides me see the problems with this"  
[X Link](https://x.com/IAMERICAbooted/status/1955452931081208036)  2025-08-13T02:14Z [----] followers, [---] engagements


"Mergers and Acquisition legal requirements. Businesses do only what's necessary to cover their a$$ You get ISO/SOC certified then a big bank bullies you into using their own auditors for another impromptu audit. Why are they like this Compliance theater costing the industry millions for nothing. You get ISO/SOC certified then a big bank bullies you into using their own auditors for another impromptu audit. Why are they like this Compliance theater costing the industry millions for nothing"  
[X Link](https://x.com/IAMERICAbooted/status/1955752195128705129)  2025-08-13T22:03Z [----] followers, [---] engagements


"@IceSolst yikes we're all in the same fight here"  
[X Link](https://x.com/IAMERICAbooted/status/1955813039477023065)  2025-08-14T02:05Z [----] followers, [---] engagements


"Does anyone know if Contoso or Fabrikam are hiring"  
[X Link](https://x.com/anyuser/status/1955846188747325616)  2025-08-14T04:17Z [----] followers, [----] engagements


". https://t.co/NcE35VbyHK https://t.co/NcE35VbyHK"  
[X Link](https://x.com/IAMERICAbooted/status/1955933667676860539)  2025-08-14T10:05Z [----] followers, [----] engagements


"This is what it takes to work in JUST Entra and Purview alone. LLMs cannot teach you this. Context matters. What is Entra [---] pages Entra Authentication: [----] pages Entra Application Management: [---] pages Entra RBAC: [---] pages Entra User Management: [---] pages Entra Conditional Access: [---] pages Entra Device Identity: [---] pages Entra Hybrid Identity: [----] pages Entra Application Provisioning: [---] pages Entra Application Proxy: [---] pages Entra Managed Identities for Azure Resources: [---] pages Application Integrations: [-----] pages - but a reference Entra Monitoring and Health: [---] Pages Entra"  
[X Link](https://x.com/anyuser/status/1955953499260273024)  2025-08-14T11:23Z [----] followers, 15.4K engagements


"Someone said today they are going to get MDE+AV installed along side 3rd party EDR+AV. Go ahead summer child. Go ahead. Don't listen to the people who already did this [--] years ago and know what problems it caused. But sure have your fun thinking you know better"  
[X Link](https://x.com/anyuser/status/1956067920175358099)  2025-08-14T18:58Z [----] followers, 23.8K engagements


"Low level windows knowledge has deteriorated. Only offsec people and EDR vendors know that stuff anymore"  
[X Link](https://x.com/anyuser/status/1956083283306901771)  2025-08-14T19:59Z [----] followers, 13K engagements


"If you already the skills then yes. That is the problem. I have to deal with people using LLMs all the time to supplement the skills and they don't enough to know they're wrong. One example of this: you are federated and you use these docs. You are not going to get correct CAPs This is the best use case for LLMs because while a human can read all those pages - their employer often cant afford to give them sufficient time to do so but it us also unfair to expect a human to comprehend and remember that volume of detail. It also changes daily. LLM4Win This is the best use case for LLMs because"  
[X Link](https://x.com/IAMERICAbooted/status/1956125316591632657)  2025-08-14T22:46Z [----] followers, [----] engagements


"I think I will schedule both SC-300 and MS-102 for two weeks from now. I hate taking tests but in consulting people like to see credentials. This was SC-300 just now with no prep. I'm rusty in Azure IAM (not Entra)"  
[X Link](https://x.com/IAMERICAbooted/status/1956177414457069797)  2025-08-15T02:13Z [----] followers, [----] engagements


"@CptSC @merill Thanks I've always just done the learning paths and collected badges and trophies in my Microsoft profile but since the cost is low and I might be generating my own business I'm going to do the certs now"  
[X Link](https://x.com/IAMERICAbooted/status/1956286805210255667)  2025-08-15T09:28Z [----] followers, [--] engagements


"If you work in Security and Compliance I highly recommend an E5 test tenant. It will cost about 800$ per year for [--] users. Otherwise if you dont have access to an E5 you will really struggle. With that [---] per year comes features and capabilities directly specific to a security and compliance role Inune Entra premium features full XDR capabilities Defender for Identity and much more. Its somewhat of a requirement in the security space if your focus is the data plane. In the AI world everyone's focus is the data plane"  
[X Link](https://x.com/IAMERICAbooted/status/1956299324964339825)  2025-08-15T10:18Z [----] followers, [---] engagements


"@merddyn @CrookedBong @merill Ah I thought Microsoft retired that"  
[X Link](https://x.com/IAMERICAbooted/status/1956397083910459867)  2025-08-15T16:46Z [----] followers, [--] engagements


"This was a super fun thread ❤ Does anyone know if Contoso or Fabrikam are hiring Does anyone know if Contoso or Fabrikam are hiring"  
[X Link](https://x.com/IAMERICAbooted/status/1956455063678829051)  2025-08-15T20:36Z [----] followers, [---] engagements


"@arpeyton I'm just tired of doing them"  
[X Link](https://x.com/IAMERICAbooted/status/1956728584825123280)  2025-08-16T14:43Z [----] followers, [---] engagements


"@mwheatfill @Polaris_Project One of my traffickers went to prison. The rest was luck I guess. I had no help but found a way"  
[X Link](https://x.com/IAMERICAbooted/status/1956839800096334201)  2025-08-16T22:05Z [----] followers, [---] engagements


"When he was arrested I was sent back to New York because I was a minor. I was put in a group home when I got back to New York. Shortly after that my 18th birthday came and the New York State Division for Youth gave me 20$ and a bus ticket to Albany. From there I went back to my trafficker because I had nowhere else to go. His friends hid me so I couldn't testify against him. He still went to prison anyway but I was passed to his friends. From there I ended up out west again and when I was [--] I finally ran away from them and found my own way. I had no support from anyone. No family no friends"  
[X Link](https://x.com/IAMERICAbooted/status/1956851560564003093)  2025-08-16T22:52Z [----] followers, [---] engagements


"Surviving without AC when it was almost [---] degrees today was a feat. I'm hot AF"  
[X Link](https://x.com/IAMERICAbooted/status/1956886443529326924)  2025-08-17T01:10Z [----] followers, [---] engagements


"you are the only person I've heard so that I still don't understand what value it's giving. It makes no sense. If it's endpoint DLP features there's a separate onboarding package outside of MDE for DLP and DSPM for AI that are not full MDE. If you have Crowdstrike it's a better endpoint solution"  
[X Link](https://x.com/IAMERICAbooted/status/1956914416399905254)  2025-08-17T03:02Z [----] followers, [--] engagements


"@eqv_sec @SkrzSecurity If you don't have Crowdstrike why wouldn't you get rid of whatever you have and use full XDR WHat is the point You say it's a nice complement but haven't provided any examples of where it provides a benefit to the org"  
[X Link](https://x.com/IAMERICAbooted/status/1956914850107416835)  2025-08-17T03:03Z [----] followers, [--] engagements


"I'm talking about the top [--] EDRs in this thread: MDE and Crowdstrike Let me ask you something have you ever configured the Windows Event Logs Do you know why I'm asking that Let me ask you another question: when those gaps are listed are they covered somewhere else (The answer is yes)"  
[X Link](https://x.com/IAMERICAbooted/status/1956926612701667504)  2025-08-17T03:50Z [----] followers, [--] engagements


"IT is like cooking. There are people who follow recipes and there are people who create recipes"  
[X Link](https://x.com/IAMERICAbooted/status/1957043527633993879)  2025-08-17T11:35Z [----] followers, [----] engagements


"I just saw an advertised role for what would be the lead of the Architecture Review Board . Might as well apply 😂"  
[X Link](https://x.com/IAMERICAbooted/status/1957091535494709406)  2025-08-17T14:45Z [----] followers, [----] engagements


"The AI world is a different world. I just saw a @YouTube advertisement what I believe to be an AI impersonation of Oprah Winfrey endorsing a weight loss product by voitureallemande.online. Wild"  
[X Link](https://x.com/IAMERICAbooted/status/1957287168197505243)  2025-08-18T03:43Z [----] followers, [---] engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing