Sign up to save your podcasts
Or
Share Red Team Secrets: How we bypass Conditional Access (and how you can fix it)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Red Team Secrets: How we bypass Conditional Access (and how you can fix it)
In this episode of Entra.Chat, I dive deep with cybersecurity architect Fabian Bader into his research on bypassing poorly designed Microsoft Entra’s conditional access policies and what you can do about them.
We also cover the game-changing new Group Source of Authority feature that lets you finally manage synced groups in the cloud, and share insights from Fabian’s work with MSRC to secure the platform—don’t miss this one if you want to stay ahead in cloud security!
Subscribe with your favorite podcast player or watch on YouTube 👇
About Fabian Bader
Fabian Bader is a Cybersecurity Architect at glueckkanja, based in Hamburg, Germany. He is a well-known researcher in the Microsoft identity space, creator of the Cloud Brothers blog, and creator of the Maester and Token Tactics V2 tools. His work focuses on Microsoft Entra and the Defender suite, helping customers secure their cloud environments.
LinkedIn - https://www.linkedin.com/in/fabianbader/
🔗 Related Links
* Fabian’s Blog - https://cloudbrothers.info/
* Entra Scopes - https://entrascopes.com/
* Maester - https://maester.dev/
* Token Tactics V2 - https://github.com/f-bader/TokenTacticsV2
📗 Chapters
02:19 The Story of the "Cloud Brothers" Blog 03:32 The Origin Story of Maester 07:39 Token Tactics V2 & Continuous Access Evaluation 09:43 How Conditional Access Bypasses Are Found 12:05 What is FOCI (Family of Client IDs)? 18:04 Hardening Your Conditional Access Policies 29:59 V1 vs V2 Token Endpoints Explained 38:19 Using Graph Activity Logs in Defender XDR 42:45 The New Group Source of Authority (SOA) 54:59 Workplace Ninjas US Announcement
Podcast Apps
🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple 📺 YouTube → https://entra.chat/youtube 📺 Spotify → https://entra.chat/spotify 🎧 Overcast → https://entra.chat/overcast 🎧 Pocketcast → https://entra.chat/pocketcast 🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx 👔 LinkedIn → linkedin.com/in/merill 🐤 Twitter → twitter.com/merill 🕺 TikTok → tiktok.com/@merillf 🦋 Bluesky → bsky.app/profile/merill.net 🐘 Mastodon → infosec.exchange/@merill 🧵 Threads → threads.net/@merillf 🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
View all episodes
By Merill Fernando
5
44 ratings
In this episode of Entra.Chat, I dive deep with cybersecurity architect Fabian Bader into his research on bypassing poorly designed Microsoft Entra’s conditional access policies and what you can do about them.
We also cover the game-changing new Group Source of Authority feature that lets you finally manage synced groups in the cloud, and share insights from Fabian’s work with MSRC to secure the platform—don’t miss this one if you want to stay ahead in cloud security!
Subscribe with your favorite podcast player or watch on YouTube 👇
About Fabian Bader
Fabian Bader is a Cybersecurity Architect at glueckkanja, based in Hamburg, Germany. He is a well-known researcher in the Microsoft identity space, creator of the Cloud Brothers blog, and creator of the Maester and Token Tactics V2 tools. His work focuses on Microsoft Entra and the Defender suite, helping customers secure their cloud environments.
LinkedIn - https://www.linkedin.com/in/fabianbader/
🔗 Related Links
* Fabian’s Blog - https://cloudbrothers.info/
* Entra Scopes - https://entrascopes.com/
* Maester - https://maester.dev/
* Token Tactics V2 - https://github.com/f-bader/TokenTacticsV2
📗 Chapters
02:19 The Story of the "Cloud Brothers" Blog 03:32 The Origin Story of Maester 07:39 Token Tactics V2 & Continuous Access Evaluation 09:43 How Conditional Access Bypasses Are Found 12:05 What is FOCI (Family of Client IDs)? 18:04 Hardening Your Conditional Access Policies 29:59 V1 vs V2 Token Endpoints Explained 38:19 Using Graph Activity Logs in Defender XDR 42:45 The New Group Source of Authority (SOA) 54:59 Workplace Ninjas US Announcement
Podcast Apps
🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple 📺 YouTube → https://entra.chat/youtube 📺 Spotify → https://entra.chat/spotify 🎧 Overcast → https://entra.chat/overcast 🎧 Pocketcast → https://entra.chat/pocketcast 🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx 👔 LinkedIn → linkedin.com/in/merill 🐤 Twitter → twitter.com/merill 🕺 TikTok → tiktok.com/@merillf 🦋 Bluesky → bsky.app/profile/merill.net 🐘 Mastodon → infosec.exchange/@merill 🧵 Threads → threads.net/@merillf 🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
More shows like Entra.Chat
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
The Amp Hour Electronics Podcast
234 Listeners
CyberWire Daily
1,021 Listeners
Microsoft Cloud IT Pro Podcast
62 Listeners
Cybersecurity Today
181 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Practical 365 Podcast - Microsoft 365, Copilot & Cybersecurity News & Discussions
9 Listeners
The Azure Security Podcast
24 Listeners
Cyber Security Headlines
137 Listeners
Blue Security
15 Listeners
Risky Bulletin
44 Listeners