By Ben Hanson, September 4, 2024
You Can Be Profound, or You Can Be Effective—Pick One
The pressure to be profound is such a stumbling block in our industry. It emphasises the sophisticated over…
Security

By Ben Hanson, April 10, 2024
The Missing Key To Understanding How the Midnight Blizzard Attack Worked
How does compromising an app in one tenant get you into another tenant? There is a key piece of info that will help you to understand.
Security

By Ben Hanson, March 3, 2024
Understanding the Evolution of “Tier 0” in Modern Access Control Models
Does "Tier 0" still matter? Yes and no. Yes, as a principle; No, as an access control model. Here's what to do instead.
Security

By Ben Hanson, September 18, 2023
Connect/Okta and Identity Sync Hardening
One area commonly overlooked (by defenders, but not by attackers) is identity sync infrastructure. If you harden your AD but don't do this, you are wasting your time.
Security

By Ben Hanson, February 2, 2023
Azure Has A Kerberos Problem, But It’s Not The One You Think
Blaming Azure for Kerberos exploits isn't a hot take—it's nonsense. Focus on the real root causes instead (which are different than you might think).
Security

By Ben Hanson, September 20, 2022
Healthy Work/Life Balance: 4 Critical Questions to Ask Yourself—And Your Employer
4 questions to help you assess where you are, and what to do about it.
Security