Microsoft's soft patch didn't kill tenant enumeration. Attackers have new ways to map cloud infrastructure. Learn how modern Azure and Microsoft 365 enumeration techniques work, why they're back, and what defenders should do next.
Blogs by Juan Pablo Gomez Postigo
Sprocket Security Senior Penetration Tester examines how transliteration and language backgrounds shape password creation, adding complexity for both users and attackers in his 2025 CypherCon talk.
During the past few assessments, Sprocket has encountered improperly configured instances of Lucee 5 and 4. This blog post will detail a straightforward method to execute remote code after acquiring administrative access to a Lucee login panel.
When a specific endpoint is requested with a random string passed in, GravityForms prompts the user to authenticate first. As a result, the unauthenticated user is redirected to the obscured administrative login page for /wp-admin.