Sign up to save your podcasts
Or
Share Red Team Secrets: How we bypass Conditional Access (and how you can fix it)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Red Team Secrets: How we bypass Conditional Access (and how you can fix it)
In this episode of Entra.Chat, I dive deep with cybersecurity architect Fabian Bader into his research on bypassing poorly designed Microsoft Entra’s conditional access policies and what you can do about them.
We also cover the game-changing new Group Source of Authority feature that lets you finally manage synced groups in the cloud, and share insights from Fabian’s work with MSRC to secure the platform—don’t miss this one if you want to stay ahead in cloud security!
Subscribe with your favorite podcast player or watch on YouTube 👇
About Fabian Bader
Fabian Bader is a Cybersecurity Architect at glueckkanja, based in Hamburg, Germany. He is a well-known researcher in the Microsoft identity space, creator of the Cloud Brothers blog, and creator of the Maester and Token Tactics V2 tools. His work focuses on Microsoft Entra and the Defender suite, helping customers secure their cloud environments.
LinkedIn - https://www.linkedin.com/in/fabianbader/
🔗 Related Links
* Fabian’s Blog - https://cloudbrothers.info/
* Entra Scopes - https://entrascopes.com/
* Maester - https://maester.dev/
* Token Tactics V2 - https://github.com/f-bader/TokenTacticsV2
📗 Chapters
02:19 The Story of the "Cloud Brothers" Blog 03:32 The Origin Story of Maester 07:39 Token Tactics V2 & Continuous Access Evaluation 09:43 How Conditional Access Bypasses Are Found 12:05 What is FOCI (Family of Client IDs)? 18:04 Hardening Your Conditional Access Policies 29:59 V1 vs V2 Token Endpoints Explained 38:19 Using Graph Activity Logs in Defender XDR 42:45 The New Group Source of Authority (SOA) 54:59 Workplace Ninjas US Announcement
Podcast Apps
🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple 📺 YouTube → https://entra.chat/youtube 📺 Spotify → https://entra.chat/spotify 🎧 Overcast → https://entra.chat/overcast 🎧 Pocketcast → https://entra.chat/pocketcast 🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx 👔 LinkedIn → linkedin.com/in/merill 🐤 Twitter → twitter.com/merill 🕺 TikTok → tiktok.com/@merillf 🦋 Bluesky → bsky.app/profile/merill.net 🐘 Mastodon → infosec.exchange/@merill 🧵 Threads → threads.net/@merillf 🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
View all episodes
By Merill Fernando
5
55 ratings
In this episode of Entra.Chat, I dive deep with cybersecurity architect Fabian Bader into his research on bypassing poorly designed Microsoft Entra’s conditional access policies and what you can do about them.
We also cover the game-changing new Group Source of Authority feature that lets you finally manage synced groups in the cloud, and share insights from Fabian’s work with MSRC to secure the platform—don’t miss this one if you want to stay ahead in cloud security!
Subscribe with your favorite podcast player or watch on YouTube 👇
About Fabian Bader
Fabian Bader is a Cybersecurity Architect at glueckkanja, based in Hamburg, Germany. He is a well-known researcher in the Microsoft identity space, creator of the Cloud Brothers blog, and creator of the Maester and Token Tactics V2 tools. His work focuses on Microsoft Entra and the Defender suite, helping customers secure their cloud environments.
LinkedIn - https://www.linkedin.com/in/fabianbader/
🔗 Related Links
* Fabian’s Blog - https://cloudbrothers.info/
* Entra Scopes - https://entrascopes.com/
* Maester - https://maester.dev/
* Token Tactics V2 - https://github.com/f-bader/TokenTacticsV2
📗 Chapters
02:19 The Story of the "Cloud Brothers" Blog 03:32 The Origin Story of Maester 07:39 Token Tactics V2 & Continuous Access Evaluation 09:43 How Conditional Access Bypasses Are Found 12:05 What is FOCI (Family of Client IDs)? 18:04 Hardening Your Conditional Access Policies 29:59 V1 vs V2 Token Endpoints Explained 38:19 Using Graph Activity Logs in Defender XDR 42:45 The New Group Source of Authority (SOA) 54:59 Workplace Ninjas US Announcement
Podcast Apps
🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple 📺 YouTube → https://entra.chat/youtube 📺 Spotify → https://entra.chat/spotify 🎧 Overcast → https://entra.chat/overcast 🎧 Pocketcast → https://entra.chat/pocketcast 🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx 👔 LinkedIn → linkedin.com/in/merill 🐤 Twitter → twitter.com/merill 🕺 TikTok → tiktok.com/@merillf 🦋 Bluesky → bsky.app/profile/merill.net 🐘 Mastodon → infosec.exchange/@merill 🧵 Threads → threads.net/@merillf 🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
More shows like Entra.Chat
View all
StarTalk Radio
14,341 Listeners
The Infinite Monkey Cage
1,973 Listeners
WSJ Tech News Briefing
1,655 Listeners
Risky Business
373 Listeners
Down the Security Rabbithole Podcast (DtSR)
97 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
650 Listeners
Click Here
420 Listeners
Microsoft Cloud IT Pro Podcast
64 Listeners
Darknet Diaries
8,116 Listeners
Hacking Humans
317 Listeners
Three Buddy Problem
61 Listeners
Hybrid Identity Protection Podcast
3 Listeners
CISO Tradecraft®
49 Listeners
Risky Bulletin
45 Listeners
Critical Thinking - Bug Bounty Podcast
55 Listeners