![Dirk-Jan Mollema walks us through The Entra ID Cross-Tenant Vulnerability Discovery– 2025-09-22 - Talkin' Bout [Infosec] News cover](/_next/image?url=https%3A%2F%2Fassets.blubrry.com%2Fcoverart%2Forig%2F577207-646458.jpg&w=1200&q=75)
Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: Dirk-Jan Mollema walks us through The Entra ID Cross-Tenant Vulnerability Discovery
Date: September 25, 2025
Episode Overview
This episode is a deep technical and candid discussion between the Black Hills Information Security (BHIS) team and renowned security researcher Dirk-Jan Mollema. The core focus is Dirk-Jan’s discovery of a critical cross-tenant privilege escalation vulnerability affecting Microsoft Entra ID (formerly Azure AD), with wider explorations of recent infosec headlines including the Shai Hulud npm worm and supply chain attacks. The conversation blends vulnerability research, practical incident response, and the ongoing struggles of defending complex modern infrastructure—punctuated by the crew’s irreverent humor and war stories from the security trenches.
Featured Guest
Dirk-Jan Mollema
- Cloud exploitation researcher
- Operator of Outsider Security (pen testing and training)
- Creator/contributor to Roadtools (Azure/Entra AD recon)
[04:01] A: “Our real celebrity guest is Dirk-Jan, a cloud exploitation expert, or just hated by Microsoft maybe is your job title...”
Detailed Breakdown & Key Insights
1. Entra ID Cross-Tenant Vulnerability: The Discovery and Impact
-
Dirk-Jan’s Big Find ([05:03], [07:57], [08:43])
- Found a bug in Microsoft’s Entra ID cloud authentication that allowed a token acquired in one tenant to be used for privilege escalation across other tenants—a major cross-tenant issue.
- Microsoft initially rated the CVE as high-severity (9), but later boosted it to critical (10).
- Dirk-Jan [05:16]: “They said, attack complexity high. And I was like, I don't think it's that high.”
- The main vector involved manipulating authentication tokens and exploring API boundaries—an insight that only came during slide polish for Blackhat/DEFCON talks.
-
Discovery Details
- Came from a hunch—"something’s off here" and a methodical exploration of what errors and edge cases emerged when tweaking token payloads.
- Dirk-Jan [06:09]: "Sometimes, like, when you're researching something, you just get that feeling like, hey, something's off here. Something's not right with this product or protocol. It has to be broken somehow."
- Key moment: Trying a token on his own production tenant and unexpectedly receiving data back, proving true cross-tenant privilege.
- Dirk-Jan [07:55]: "I changed it to my real tenant where I host my email ... I figured out it really worked and I tested it with a few other test tenants I have. And I was like, okay, this actually works cross-tenant."
- Came from a hunch—"something’s off here" and a methodical exploration of what errors and edge cases emerged when tweaking token payloads.
-
Disclosure and Timeline
- Discovered just weeks before Blackhat/DEFCON; Microsoft silently patched before his public talks.
- Only included cryptic teasers in his presentations, out of respect for timing and to not overshadow other content.
-
Scope & Affected Systems ([10:42])
- Though first identified in hybrid-joined setups, the vulnerability did not require hybrid join—any tenant with Exchange credentials could be affected.
-
Indicators of Compromise & Logging ([11:41])
- Little to no native logging for the legacy APIs involved; actual exploitation may be undetectable unless privilege changes (e.g., new admin users) are made.
- Dirk-Jan: “...no API level logging yet for this API... if you want to change something, then that will result in audit logs. So I can add like a new global admin...”
- Little to no native logging for the legacy APIs involved; actual exploitation may be undetectable unless privilege changes (e.g., new admin users) are made.
-
Legacy APIs & Roadtools ([13:16])
- Debates on Microsoft’s slow deprecation of legacy APIs; Dirk is ready to move Roadtools to Graph API when forced, but “the old API is just better."
- Dirk-Jan [14:33]: “I think [legacy API] will keep working for a while, and if not, we'll switch over to Microsoft Graph, I guess. But I like the old API more because there's more information in there.”
- Debates on Microsoft’s slow deprecation of legacy APIs; Dirk is ready to move Roadtools to Graph API when forced, but “the old API is just better."
-
Microsoft Bug Bounty & Attitude Shift ([16:17])
- Recounts Microsoft’s shift from "by design" dismissals to now taking these issues seriously, thanks in part to public pressure and their Secure Future initiative.
- Dirk-Jan [16:35]: “Five years ago...everything was like by design and not a problem. But they're taking things quite a bit more serious now.”
- Recounts Microsoft’s shift from "by design" dismissals to now taking these issues seriously, thanks in part to public pressure and their Secure Future initiative.
-
Community Reaction & Roadtools Utility
- Dirk is warmly thanked and credited by the pen testing community for giving the field crucial offensive tools for Azure/Entra research.
-
Pressure of Fame & Sustained Research ([18:31])
- Discussion of burnout and the unhealthy “vulnerability treadmill”
- John Strand [18:31]: “You can get into that treadmill...where they had to find the next big vulnerability. If you're at peace with that, that's awesome.”
- Discussion of burnout and the unhealthy “vulnerability treadmill”
-
Plug: Outsider Security ([19:09])
- Dirk's solo consultancy, primarily pen testing and training on Azure/Entra AD.
2. Shai Hulud npm Worm & The State of Supply Chain Security
-
Overview of the Threat ([20:07])
- “Shai Hulud” worm spread through npm, exfiltrating GitHub secrets to public repos.
- Used trufflehog for secret extraction, then published findings to new public GitHub repos and via GitHub Actions for propagation.
-
Scope and Impact ([23:46])
- Spread to hundreds or thousands of npm packages, momentarily affecting high-profile libraries (e.g., CrowdStrike’s npm packages).
- Exploited the trust and chaos of decentralised npm package updates.
-
Detection & Response ([26:08], [31:23])
- Discussed technical response (delaying updates, locking versions, using monitoring tools like “Chris Knife").
- Identified difficulties in getting reliable logs due to use of public/private GitHub accounts and repo creation outside of enterprise logging.
- F [31:23]: “You have to use something like this Chris Knife tool to go look at every single one of your GitHub accounts to see if they’ve posted a shai hulud repo.”
-
Supply Chain Anecdotes & Commentary
- Amused but apprehensive nostalgia over the return of worms—automation seen as both a throwback and a new threat vector.
-
Organizational Prevention ([32:55], [38:33])
- Strong stress on knowing your environment: what packages you use, how often you update, how your dev/account hygiene is structured.
- Debate between automatic patching (good for security, bad if supply chain tainted) vs. slowing or validating every update (bad if manual, but potentially safer).
- John Strand [42:11]: "...nothing ever replaces that [traditional security model] like... just understanding on some level how your software development lifecycle works is still a requirement, no matter how many tools you have."
-
On Vendor Tools ([39:46], [41:40])
- Skepticism towards solutions promising to catch everything as it lands; most tools stronger at helping clean up post-incident or catch “yesterday’s attacks."
-
Fundamentals & IR Readiness ([48:45])
- Actionable takeaway: organizations must emphasize fundamental SOC skills—log review, network monitoring, knowing your environment—over silver-bullet solutions.
- John Strand: "If you understand the blue cards...almost every incident. If you look at play.backdoors and breaches.com... should have documented procedures..."
- Actionable takeaway: organizations must emphasize fundamental SOC skills—log review, network monitoring, knowing your environment—over silver-bullet solutions.
3. Steam Game Supply Chain Attack ([49:27])
- A peripheral but illustrative story: a legitimate Steam game (“Block Blasters”) was later weaponized to run a crypto drainer that stole streamer donations and crypto wallets mid-stream.
- Notably, attackers failed basic OPSEC, easily unmasked due to public Telegram group links embedded in malware.
- General advice: Separate your play machines from real assets; don’t trust any app/game store to keep you safe.
- A [53:24]: “Don’t put anything trusted on a system that you’re just running random games on.”
4. Critical Dependency and Service Outage – Airport Supply Chain Attack ([54:53])
- Multi-country airport check-ins disabled by cyberattack against Muse (airline check-in SaaS), highlighting that supply chain attacks span both code and entire service layers.
- Broader discussion on physical vs. cyber-related travel disruptions and the fog of reporting after an incident.
Notable Quotes & Moments
-
Dirk-Jan on Cross-Tenant Token Exploitation
[07:57] “...The token was from a different tenant and I just changed the tenant ID and like this outer unsigned token. Then I changed the user ID to a valid one and I actually got back results. I'm like, no, this can't be happening…” -
On Fundamental Security
[42:11] John Strand: "You can never replace the traditional security model of understanding your environment and locking it down to the best of your abilities." -
On Pen Testing Tools
[15:53] A: "As a pen tester, I'm a huge fan. Like, we use RoadTX all the time and roadtools. Like, yeah, we...it's been a critical thing for us and I really appreciate your work on it." -
On Modern IR Realities
[44:09] A: "...I don't think you need to detect this when it enters the supply chain. I think that's way too over...I think you just need tools...I just want to run this incident in eight hours or less because that's my...I just want to be able to clean it quickly and identify what's infected..."
Key Timestamps
-
Entra Cross-Tenant Vulnerability Deep Dive
[04:01] Introduction to Dirk-Jan and CVE
[06:09]-[08:43] Discovery Process
[10:42]-[15:12] Impact on Tenants & Roadtools API Choices
[16:17] Microsoft’s Changing Attitude
[18:31] Career and “celebrity bug finder” treadmill -
npm Worm Incident
[20:07] Shai Hulud worm overview
[23:46] Spread details and CrowdStrike mention
[31:23] Detection techniques and monitoring
[38:33] Can you or should you DIY this kind of defense? -
Supply Chain Philosophy and Incident Response Fundamentals
[41:40], [42:11], [48:45] Sustained main-thread on process and readiness -
Steam Game Crypto Drainer
[49:27] Details and incident lessons -
Airport Outage – SaaS Supply Chain
[54:53] Muse SaaS check-in outage / cyberattack discussion
Podcast Tone
- Camaraderie & Humor: Frequent asides, jokes about fridges and chicken nuggets, and irreverent banter.
- Technical & Candid: Willingly critical of vendors, Microsoft, and the state of infosec, but practical advice prevails: “know your environment,” “don’t chase silver bullets.”
- Community-Oriented: Shoutouts to contributors, Discord chat references, and actionable tips.
Closing Thoughts
This episode offered an unvarnished look at both the excitement and headaches of modern security: landmark vulnerabilities, real-world incident aftermaths, and the difficulties of effective detection in dynamic, interlinked systems. The crew’s consensus: security fundamentals, rapid IR, and community tool-building are still our bedrock, even as the problem space evolves.
[Full episode and additional resources at: Black Hills Information Security]