Risky Business Podcast
August 13, 2025
Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds
Presented by
Technology Editor
CEO and Publisher
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- CISA warns about the path from on-prem Exchange to the cloud
- Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
- Everyone and their dog seems to have a shell in US Federal Court information systems
- Google pays $250k for a Chrome sandbox escape
- Attackers use javascript in adult SVG files to … farm facebook likes?!
- SonicWall says users aren’t getting hacked with an 0day… this time.
This week’s episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together.
This episode is also available on Youtube.
Brought to you by SpecterOps
Know Your Adversary
Show notes
Advanced Active Directory to Entra ID lateral movement techniques
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
Cartels may be able to target witnesses after major court hack
Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
HTTP/1.1 must die: the desync endgame
Adult sites are stashing exploit code inside racy .svg files - Ars Technica
Google pays 250k for Chromium sandbox escape
Malware in Open VSX: These Vibes Are Off
How attackers are using Active Directory Federation Services to phish with legit office.com links
Introducing our guide to phishing detection evasion techniques