Power Platform DLP Bypass via Copy-And-Paste
Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...
Recent Posts
All You Need Is Guest
This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.
Security for AI is the Next Big Thing! But we don’t really know what it means yet
As AI continues to capture everyone’s attention, security for AI becomes a popular topic in the market. Security for AI is capturing the media cycle, AI secu...
Copilot exfiltrates High Restricted SharePoint files to any user on the Internet, no auth required
Microsoft Copilot Studio allows users to quickly build enterprise Copilots on top of their business data. Every enterprise user can now plug enterprise data ...
Followup links for OWASP Global AppSec DC 2023
Assorted links for OWASP Global AppSec DC 2023: