How do you really model RBAC in attack paths? 🤔

@1cemoon.bsky.social breaks down the limitations of role-based mapping in BloodHound, and shows how to move to permission-level edges for clearer, more accurate graphs. #SOCON2026

Don’t miss @1cemoon.bsky.social at #BSidesSD 🔥

Deep dive into NAA, brokered client IDs, and how token flows behave (and break) in Microsoft environments.

Learn more: https://www.bsidessd.org/

Check out my new blog diving deeper into BroCI.

Check out my new blog on nested app authentication.

What can you expect to learn in our Azure Security Fundamentals training at #SOCON2025? Course architect
@1cemoon.bsky.social shares that students will dive into:

➡️ Azure Resource Manager
➡️ Common security misconfigurations
➡️ Entra ID authentication

Register today: ghst.ly/reg-socon25-...