In short: an attacker does not smash your mailbox to bits, they nick your pass and stroll straight in. It is subtler, neater and a hundred times worse for defenders. If an attacker has a valid token, MFA and passwords become mere decorations. Below is a hard-technical breakdown with a healthy dose of irony. Pass…
Tag: infosec
Embedded HSMs in the Cloud? Yes, Microsoft Just Went There
TL;DR: Microsoft is moving from centralised HSM clusters to embedded hardware modules built straight into the host silicon. Lower latency, higher throughput, and a new level of “I actually own my keys” confidence. It’s a big shift — for engineers, not marketers. 1. Hook You thought your keys were safe in the cloud? Think again….
Microsoft Teams vs Malicious Links: New Warning System — Because Users Click Anything
Hi again )))) So, today two articles )))) it’s Friday! Microsoft noticed that people share sketchy links in Teams chats like they’re passing notes in high school. To combat this, they’re rolling out a feature to automatically warn users when a link looks fishy. Because yes, phishing attacks are still the thing. What’s the Deal?…
Windows Defender Firewall Vulnerabilities: When the “Defender” Needs Defending
Hi, so, turns out our good old Windows Defender Firewall isn’t exactly the knight in shining armor. Microsoft just patched four shiny new privilege escalation vulnerabilities that could let a low-level user level up like they just found a cheat code in GTA lol. Yeah, it’s not game over, but it’s definitely multiplayer chaos. The…
Microsoft Security Exposure Management: Ninja Training — No Magic, Just Painful Truths
Hi for All of you IT geeks and Security Gents! If you thought this was another shiny Microsoft hype circus — spoiler: it’s not. MSEM Ninja Training won’t turn you into some Hollywood hacker-Ninja in a hoodie. What it will do is drag you through the joyless swamp of Continuous Threat Exposure Management (CTEM) until you…
Your Certificate Authority might betray u, like… for real :)))
aka: how to stop trusting blindly and lock down ur Microsoft ca before it ruins ur life What’s the big deal, why care about some “ca”? So CA is a topic a spicy one. like, most people don’t even think about certificate authority. it’s just “one of those servers in the corner” that got set…