John Jiang @SecurityThunder
Researcher/UCCU Hacker Co-founder/HackerPeanutJohn Taiwan Joined October 2017
Here's my top 20 weaknesses in M365 based on experience consulting. I've seen most of these everywhere in varying mixtures. Public groups have been a problem in all but one org I've worked with.
1. Public Groups expose sensitive data
2. Upload from unmanaged devices
3. Download from unmanaged devices
4. Lack of CAPs to block device code phishing
5. Lack of CAPs and configurations to mitigate AITM
6. OneDrive sync allowed from unmanaged devices
7. Ability to sync cloud storage to other 3rd party drives and vice versa
8. Anyone links in OneDrive and SharePoint
9. Legacy SharePoint IRM on sites and document libraries and Teams (classic) sites
10. Non-existent App Governance
11. Lack of governance or data security on Power Platform Connectors
12. Lack of license by request for Power Platform Apps
13. Teams apps sprawl
14. Anon users allowed to chat in Teams
15. Excessive API permissions in vendor apps
16. Ungoverned 3rd party AI
17. Lack of DLP on Microsoft Cloud Services
18. Lack of Safelinks in office365 apps aside from email
19. Lack of safe attachments in m365 apps outside email
20. Lack of phishing resistant authn
@TEMP43487580 Let's become masters of memes together! 😂
I just started a new blog, and this is my first post. I took a bit of PTO, so this is a little record of some fun I had playing around with Intune during that time. It's about enrollment restriction bypass😄 temp43487580.github.io/intune/bypass-…
#TROOPERS25 AD & Entra ID Security track resources, on the @ERNW_ITSec blog @Insinuator Featuring @Jonas_B_K @martinhaller_IT @TEMP43487580 @JsQForKnowledge @fabian_bader @_dirkjan @ShitSecure @DrAzureAD @kazma_tw @subat0mik @unsigned_sh0rt @ericonidentity insinuator.net/2025/08/troope…
Just wrapped up our talk at DEF CON 33! Wandering around after my talk, and people are still coming up to recommend listening to our research! It's the greatest affirmation for a researcher. #DEFCON
Our talks in DEF CON! Saturday at 11:30 in LVCC - L1 - Exhibit Hall West 3 - Track 4
First international talk — at @WEareTROOPERS! Saw views from my history textbook, and met legends I used to only see on the internet.🫡 Big thanks to my best research partner, my mentor @SecurityThunder, and everyone who showed up to hype me up 🔥
Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: srlabs.de/blog-post/cert… Source code: github.com/srlabs/Certice… Slide deck, including our guide to deception strategy: github.com/srlabs/Certice…
I am honored that our submission was accepted for TROOPERS. Looking forward to Heidelberg next month!
We just published an almost complete list of talks that have been accepted for #TROOPERS24. Thanks to all of you who participated in the CFP! So many excellent submissions. We really had a hard time to decide which will fit best for this year! troopers.de/troopers24/tal…
Again Best Checklist IDOR: ⚡️ #infosec #cybersec #bugbountytips
I'll be presenting at #HITB2023HKT, discussing how we leverage LLM as active directory security assistant.
#HITB2023HKT GPTHound – Your Active Directory Security Assistant - John Jiang - conference.hitb.org/hitbsecconf202…
See you at Blue Team Summit!
👏@SANSDefense #BlueTeamSummit 2022 is almost here! Learn how to accurately diagnose #PrivilegeEscalation through your #ActiveDirectory with CyCraft cybersecurity researchers John Jiang and Gary Sun. 🚨Join us LIVE Online for free: bit.ly/CyCraftSANSBlu…
We observed an attacker #VPN directly into an internal network to bypass preventive security & then create a digital skeleton key to gain admin access across the entire network. Is your #remotework force secure? Read our full analysis >> ow.ly/mKa950zgD2c
[Blog] Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript posts.specterops.io/lateral-moveme…
This is exactly why recovery from APT is difficult: they have multiple vantage points to get inside your network once they're in, lateral movement is deadly slideshare.net/FrodeHommedal/… by @FrodeHommedal
@maridegrazia Thx, I'll let you know when the translation is published.
@maridegrazia It's awesome. May I translate the post to Traditional Chinese? I want to share it with more people.