Check out all the great talks from this year's event. I'm obviously quite fond of my talk with @PyroTek3 but @rootsecdev also does a fantastic job walking through some modern token attacks.
Wait a minute, Doc 👀 Are you telling me this year's #SmileyCon sessions are available for everyone? Check out the latest #cybersecurity insights and expert perspectives from the Doc Browns of TrustedSec—watch now! hubs.la/Q04l5H5L0
Introducing Claude Fable 5: a Mythos-class model that we’ve made safe for general use.
Its capabilities exceed those of any model we’ve ever made generally available.
Sober in Cyber is teaming up with Identiverse, and we're bringing the energy to the Expo Hall! Come find us at booth 135 and grab a refreshing mocktail at the Zero Proof bars during the welcome reception and happy hour.
[Image: Promotional Identiverse graphic with a dark digital globe background and teal accents. A top banner reads “Clock’s ticking. Unlock your 30% discount now.” The Identiverse CyberRisk Alliance logo and Sober in Cyber logo appear near the top. Main text says: “I’m attending Identiverse, where the future of identity and cybersecurity comes together.” A discount section reads: “Join me with my exclusive 30% discount. Use code IDV26-SOBER30%,” with a green “Register Now” button. On the right is a headshot labeled “Jen VanAntwerp, Founder, Sober in Cyber.” The footer reads: “June 15–18, 2026 • Mandalay Bay Resort & Casino, Las Vegas.”]
Headed to @hthackers next week? Don't miss Senior Security Consultant @techBrandon presenting, "Abusing Holes in Conditional Access: Modern Attack Paths and How to Close Them" at 11:00 AM on Friday. Add it to your schedule! hubs.la/Q04jnc9p0
If you haven't already checked it out, make sure to read my latest @TrustedSec blog introducing Passkey Path. A new interactive blogging approach I'm trying out. It's built like a choose-your-own-adventure guide. trustedsec.com/blog/finding-…
If you are using security defaults in your Entra ID environment... Get off of it.
You should have "zero trust" in security defaults with statements like these.
learn.microsoft.com/en-us/en…
Ready to ditch passwords for good, but not sure where to start? In our new blog, @techBrandon introduces #Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to passkeys, built for every role in your organization. Read it now! hubs.la/Q04gyKy50
I may need an intervention...
I'm pretty sure I just said "user-based service accounts are better than service principals, actually"... and in the given context, it was 100% true
Service Principals have some really dumb limitations that make user accounts a better fit 🥴
Ever wonder what the difference is between a YubiKey and a passkey stored in your password safe? Do they offer the same security benefits? Which should you use and for what purpose? Passkey Path has your answers and more. techbrandon.github.io/passke…
I was going to wait until next week but apparently it's #WorldPasskeyDay so I'll celebrate by introducing Passkey Path, a choose-your-own-adventure guide flexible enough for a quick read of only passkey content relevant to you. Let me know what you think! techbrandon.github.io/passke…
Sometimes you don't need to build the nest yourself. In this blog, @Coontzy1 explains how trusted Group Policy UNC paths can be turned into code execution and NTLM relay without building rogue GPO infrastructure or modifying SYSVOL. Read it now!
hubs.la/Q04d-LsP0
Entra Hardening Tip #3: Block device code authentication flow
Device code flow is a feature that allows users to sign into headless devices like Teams meeting rooms and CI/CD pipelines.
The problem:
Attackers are increasingly using this sign-in flow to phish users by tricking them into clicking a link and signing in with device code flow. The result is the attacker gets a valid token of the compromised user on the attacker's remote device.
1/3
📢 You already know FOCI, BroCI, and all the OAuth2.0 flows? But do you already know the secret token providers of Entra ID?
In my latest research post I explore how you can, hidden from the Defenders, request new access tokens.
cloudbrothers.info/en/avoid-… #EntraID #DefenderXDR