English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어
manicode's profile picture. AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT
Jim Manico from Manicode Security
@manicode
May 23, 2023

Azure freaking AD does not, at all, support access token revocation.

22
34
322
30
134K
mooreds's profile picture. Principal Product Engineer at @fusionauth. Author _Letters to a New Developer_. Helps w/@boulderruby He/him
Dan Moore
 @mooreds
May 23, 2023

Can you use a strategy like fusionauth.io/learn/expert-a… Or maybe use dpop to bind the token to the client, reducing risk? Something like this? learn.microsoft.com/en-us/entra/ms…

mooreds's tweet card.
How to Manage JWT Expiration and Revoke JWTs | FusionAuth
Source: fusionauth.io
1
0
3
0
2K
manicode's profile picture. AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT
Jim Manico from Manicode Security
@manicode
May 23, 2023

I would extract Azure AD’s public key, do my own token validation for identity tokens and use Redis to do my own revocation, and dance afterwards.

2
0
4
0
1K
CallMarcus's profile picture. You get what anybody gets - you get a lifetime.
Marcus Westermark
@CallMarcus
May 23, 2023

Continuous access evaluation?

1
0
2
0
3K
manicode's profile picture. AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT
Jim Manico from Manicode Security
@manicode
May 23, 2023

…. Has a potential 15 minute delay in Azure. Booo.

1
0
5
0
2K
manicode's profile picture. AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT
Jim Manico from Manicode Security
@manicode
May 25, 2023

There is no token revocation in Azure AD. Period.

1
0
0
0
55
Voulnet's profile picture. م.محمد قتيبة الدوب،مستشار ومهندس ومدرب عالمي بأمن المعلومات. Trainer & Cyber Security Consultant, DEFCON, SANS & RSA Speaker,CISSP GWAPT
Mohammed Aldoub م.محمد الدوب
@Voulnet
May 23, 2023

You have a problem with job security?

0
0
8
0
3K
mattjay's profile picture. Helping Secure the Internet | Long Island elder emo surviving in ATX | Expect: infosec current events, DFIR, appsec & cloudsec - and me!
Matt Johansen
@mattjay
May 23, 2023

It also really shouldn’t be named azure ad

0
0
7
0
2K
FrankMcG's profile picture. No longer active. Find me on LinkedIn and https://t.co/sNKTRQOIWi. Follow @BlueTeamCon. See pinned post. See you around. Touch grass. Be empathetic.
Frank McGovern - INACTIVE
 @FrankMcG
May 23, 2023

There is actually one trick you can do if you absolutely need to. 😁 If you have on-prem exchange, you can migrate the user’s mailbox to on-prem and then migrate it back to O365.

3
0
6
0
3K
amias's profile picture. trying to resist the enshitification and talk about software , music, caring for people but getting dragged in to your noise. https://t.co/u8GCoQ9gEg
bsky.app/amias.net
 @amias
May 23, 2023

Passive directory

0
0
19
0
1K
remixedcat's profile picture. 🎵MUSIC AND MAYHEM!🐉 🎹https://t.co/LCddm5RePp 🎶https://t.co/wbOVwVIN9O 🎮Game music packs: https://t.co/3h8MelTCjF
Remixedcat the catgod 💎😺🌌🎶
@remixedcat
May 23, 2023

Azure is so limited in everything.... Had it for my site a few years ago and it was so frustrating... Thier control panel was such a mess

1
0
4
0
1K
adrianprecub's profile picture. Software Consultant, working with #microservices #azure #aws #docker. Often opinionated, occasionally right. Approximate knowledge of many things.
Adrian Precub
 @adrianprecub
May 23, 2023

went though the same issue about 6 months ago, went with #aws #cognito. Other issues(like you cannot backup your cognito database without external tools..ugh) but the revocation works

0
0
3
0
1K
artem_od's profile picture.
Artem Borodai
 @artem_od
May 23, 2023

Welcome :) It is just a tip of the mountain :) recommend to read @DrAzureAD

0
0
2
0
605
nunu10000's profile picture. InfoSec/SecOps/Cybersecurity dude in the financial sector. Formerly Healthcare. Electronic Music Connoisseur. Advocatus Diaboli. Tweets are my own.
Dinidu Perera
@nunu10000
May 23, 2023

Can’t you do this in Microsoft Defender for Cloud Apps? (I acknowledge that this is an extremely weird place for this, but it’s where I happen to do it)

0
0
1
0
613
HawkinsSecurity's profile picture. Cybersecurity | Healthcare. Tweets are my own, not an endorsement
Security in HC
@HawkinsSecurity
May 23, 2023

Wait, Azure AD Threat Protection service doesn’t allow this?

0
0
1
0
1K
Mark06303867's profile picture.
Mark
 @Mark06303867
May 24, 2023

Tied together with rubber bands and tape.

0
0
1
0
56
ConveLab's profile picture. ML Eng - Vision & AI ⚡ macOS background remover → https://t.co/d0WRnU06CU 🛠️ I also build clean websites for businesses — DM to chat
ConvergenceLab
 @ConveLab
May 24, 2023

Azure not supporting sending parallel instances a list of folder, only file list in batches…

1
0
1
0
417
awakecoding's profile picture. Remote desktop protocol expert, OSS contributor and Microsoft MVP. I love designing products with Rust, C# and PowerShell. Proud to be CTO at Devolutions. 🇨🇦
Marc-André Moreau
@awakecoding
May 24, 2023

Aren't access tokens good for like 2 minutes after which you need to request a new access token using the refresh token? 🤔

0
0
0
0
110
NightmareJS's profile picture. proficient at drawing the rest of the 🦉| security impact junkie | https://t.co/OZ7D458owb
kat traxler 🎗️
@NightmareJS
May 23, 2023

It’s this just a feature of bearer tokens ?

0
0
0
0
924
United States Trends

Something went wrong.


Something went wrong.