Entra.Chat

I found a bug that could hack ANY Microsoft 365 tenant - Here's what happened


In this episode, I chat with Dirk-jan Mollema, the legendary researcher behind some of the most important discoveries in Microsoft identity security.

We go deep into how curiosity led him from tinkering with web tools to uncovering one of the biggest Entra ID vulnerabilities ever found.

He shares the story behind the CVE that rocked the cloud world, the stress of realizing what he’d uncovered, and the mindset that drives his relentless research. If you’ve ever wondered what it feels like to find a bug that could break the internet—this one’s for you.

PS: If you like this episode please leave a review on Apple Podcast or Spotify 🙏

Subscribe with your favorite podcast player or watch on YouTube 👇

About Dirk-jan Mollema

Dirk-Jan Mollema is a security researcher and consultant specializing in Microsoft Entra ID (Azure AD) and Active Directory security. He is the creator of popular offensive security tools including ROADtools and ROADrecon.

With seven years of Entra research and nearly a decade in AD security, Dirk-Jan has discovered numerous critical vulnerabilities and has played an important role in helping improve Microsoft’s cloud security posture. He provides training and consulting services through his company Outsider Security.

Twitter → https://twitter.com/_dirkjan

LinkedIn → https://www.linkedin.com/in/dirkjanm

Contact → https://outsidersecurity.nl

🔗 Related Links

* One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens - https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens

* Dirk-Jan’s Blog - https://dirkjanm.io

* ROADtools - https://github.com/dirkjanm/ROADtools

📗 Chapters

00:00 Intro

02:11 Guest Journey into Security

07:13 Building ROADtools and ROADrecon

09:53 Research Tools & Methods

14:05 Top Discoveries Ranked

17:01 Windows Hello & PRT Deep Dive

26:07 The Cross-Tenant Actor Token Bug

35:34 Ethical Dilemmas of Big Finds

38:24 Disclosure, Impact & Community

45:59 Future Research & Intune Tips

53:58 Training, Consulting & Closing

Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

Merill’s socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill



Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

Entra.Chat by Merill Fernando


