The Missing Key To Understanding How the Midnight Blizzard Attack Worked
How does compromising an app in one tenant get you into another tenant? There is a key piece of info that will help you to understand.
privilegedaccess
6 posts
Understanding the Evolution of “Tier 0” in Modern Access Control Models
Does "Tier 0" still matter? Yes and no. Yes, as a principle; No, as an access control model. Here's what to do instead.
Connect/Okta and Identity Sync Hardening
One area commonly overlooked (by defenders, but not by attackers) is identity sync infrastructure. If you harden your AD but don't do this, you are wasting your time.
Azure Has A Kerberos Problem, But It’s Not The One You Think
Blaming Azure for Kerberos exploits isn't a hot take—it's nonsense. Focus on the real root causes instead (which are different than you might think).
The Objective of Securing Privileged Access? To Protect the Business from the Admins
The most common privileged security gaps that attackers exploit come from sacrificing effective privileged admin security on the altar of operational convenience.
Your Expensive PIM/PAM Solution Won’t Save You—But This Might
If <that one PAM tool everyone uses> was good enough on its own, then no one in banking would get hacked, because they all use it. Clearly there's more to the story.