IT-DRAFTS
IT-DRAFTS

🧨 SUDO, YOU HAD ONE JOB!

Hi, now any user can get root — and Microsoft told you this would happen “Don’t run as root!” — they shouted.“Use sudo, it’s secure!” — they said.Well guess what?Even a user not in sudoers can now gain full root access. All thanks to sudo‘s cozy little bug involving chroot, nsswitch.conf, and your complacency. 🧬…

Read More

DPAPI: The Granddaddy of Windows Crypto (and your secrets)

Hey hey, so, n0w lets talk about DPAPI DPAPI is ‘Data Protection API’ is Windows’ native system for encrypting stuff like saved credentials, cookies, Wi-Fi passwords, and personal certs. Introduced in Windows 2000, it’s the ancient beast that still powers a terrifying amount of “secure storage” in modern Windows. 🧠 Under the Hood Based on…

Read More

Microsoft Just Threw Windows Licensing into the Cloud — And Locked It Inside Confidential VMs

Hi ))))))))))))) So here’s the deal: Microsoft just migrated its entire Windows Key Management Service (MKMS) — the backbone of license activations for Windows, Xbox, Office and who knows what else — into Azure.Not just any Azure. We’re talking Confidential Virtual Machines, managed HSMs, and enough hardware-backed encryption to make even the NSA feel excluded….

Read More

Windows LAPS with Intune: One admin password per device, finally.

Hi, still running one local admin password across all your Windows devices? Oof. That’s like using the same toothbrush for the whole office — unhygienic and a great way to spread… malware. Microsoft saw this mess and said: “Let’s fix it properly.”Enter: Windows LAPS — now fully built into Windows and managed through Intune like…

Read More

Baseline Wipeout: How Intune Just Nuked Its Own Security Promise

hi. welcome to 2024. where your cloud config tool auto-deletes your hardening policies… because someone didn’t design a merge engine. this isn’t a bug. it’s architecture. and now 48,000+ tenants are sitting on baseline vapor with no alert, no rollback, no visibility. ☠️ What happened? it started with the 23H2 → 24H2 security baseline schema…

Read More

Entra RBAC Just Got a Power-Up: Here’s What You Actually Need to Know

hi. Microsoft didn’t just tweak Entra RBAC—they dropped a load of new roles and tightened permissions, so you can lock down access without wrestling JSON or screaming at YAML. here’s the breakdown that matters. 🚀 June 2025: New Roles for New Demands Organizational Data Source AdministratorThis role lets you manage data source connections—perfect for big…

Read More

Azure Virtual Networks: Your Cloud’s Digital Skynet

hi. ever wondered what keeps your Azure machines whispering secrets to each other, talks to the internet, or talks back home to your HQ? that’s the role of Azure virtual networks (vnets) the core building block of Azure networking learn.microsoft.com+15azure.microsoft.com+15scholarhat.com+15tutorialsdojo.com. vnet is like your private LAN in the cloud, but with global backbone speed, scale,…

Read More

Ctrl+S to Compromise: FileFix Just Made MoTW Useless Again

hi. ever saved a web page?of course u did. Ctrl+S, “Webpage, Complete”, hit Enter, done.innocent?nope. welcome to FileFix.an exploit where saving a web page gives attackers the perfect entry — no exploits, no shellcode, just old-school HTML and Windows doing Windows things. FileFix: the ‘save as’ that opens Pandora’s browser the exploit comes from researcher…

Read More