ARGOS Cloud Security (@argos_cloud) 's Twitter Profile
ARGOS Cloud Security

@argos_cloud

Cloud assessments in no time. No agents. Find the hidden attack paths and lateral movement opportunities in any cloud.
For Consultants, MSPs, MSSPs, SOC.

ID: 1290523474788638721

linkhttps://argos-security.io calendar_today04-08-2020 05:43:13

477 Tweet

559 Followers

1,1K Following

David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

This was an interesting one. Odd errors when attempting to execute #PowerShell from within ARGOS, a c# application running on Linux Azure Functions. These errors took us down a rabbit hole with an interesting root cause and simple solution. cloud-right.com/2025/04/azure-…

This was an interesting one. Odd errors when attempting to execute #PowerShell from within ARGOS, a c# application running on Linux Azure Functions. These errors took us down a rabbit hole with an interesting root cause and simple solution.

cloud-right.com/2025/04/azure-…
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

👀👀👀 What's this? In the upcoming release ARGOS's cloud assessments will show E2E info from Entra ID to Azure. Entra apps with security issues and access to Azure resources? Someone created a user with admin permissions that has User Access Admin permissions on a Subscription?

👀👀👀
What's this? In the upcoming release ARGOS's cloud assessments will show E2E info from Entra ID to Azure.
Entra apps with security issues and access to Azure resources?
Someone created a user with admin permissions that has User Access Admin permissions on a Subscription?
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

The recent writeup of the OuttaTune vulnerability (cirriustech.co.uk/blog/outtatune…) by Graham G. inspired us to add and update the following detection into ARGOS. "Ensure only compliant devices can access M365 Office resources" More info on ARGOS: argos-security.io

The recent writeup of the OuttaTune vulnerability (cirriustech.co.uk/blog/outtatune…) by Graham G. inspired us to add and update the following detection into ARGOS.

"Ensure only compliant devices can access M365 Office resources"

More info on ARGOS: argos-security.io
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Continuing the fight against static, long-lived credentials. Thanks to Daniel Bradley for his recent article on blocking Entra ID application secrets. Highly recommend you read it and follow the guidance to "deny by default" and "allow by exception". Added this to ARGOS Cloud Security now.

Continuing the fight against static, long-lived credentials. Thanks to <a href="/DanielatOCN/">Daniel Bradley</a> for his recent article on blocking Entra ID application secrets. Highly recommend you read it and follow the guidance to "deny by default" and "allow by exception".
Added this to <a href="/ARGOS_Cloud/">ARGOS Cloud Security</a> now.
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

🔔 New feature alert: Unified Blast-Radius Map 🔔 One diagram shows Entra ID/M365 ➡️ Azure, end-to-end. No KQL, no portal clicking. Watch the 2-min demo here and if you are keen to see more, check our other demos on argos-security.io/videos

David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Londoners, I'll be in town from 29/05-01/06. Would be great to catch up with you if you want to talk about cloud, cloud security, or planes. I love to talk about planes. 😂 Who's around? Who can show me the best Chai Masala in town? #azure #cloudsecurity #m365 #cloud

Londoners, I'll be in town from 29/05-01/06. Would be great to catch up with you if you want to talk about cloud, cloud security, or planes. I love to talk about planes. 😂 
Who's around? Who can show me the best Chai Masala in town?

#azure #cloudsecurity #m365 #cloud
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

🔥 Hottest latest release! 🔥 Why is this "demo" Entra ID user a potential security issue? Explain in one simple image why. (Hint: Global Reader, and access to an Azure Resource Group with important resources, ARGOS also told you no MFA 😱) More info on argos-security.io

🔥 Hottest latest release! 🔥
Why is this "demo" Entra ID user a potential security issue? 
Explain in one simple image why. (Hint: Global Reader, and access to an Azure Resource Group with important resources, ARGOS also told you no MFA 😱)
More info on argos-security.io
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Hoi Utrecht - I'll be having a few hours to kill next week Monday afternoon (26/05) before I'm heading to Düsseldorf for the European Cloud Summit. What is there to do? Anybody wants to meet? (AI image generation gets pretty accurate, almost)

Hoi Utrecht - I'll be having a few hours to kill next week Monday afternoon (26/05) before I'm heading to Düsseldorf for the European Cloud Summit. 
What is there to do? Anybody wants to meet? 

(AI image generation gets pretty accurate, almost)
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

We just requested OpenAI o3 access for ARGOS. We have a few ideas already on what to improve (currently using GPT-4o), but what would you like to see us build? Shall we polish our AI assistant? Better reporting? #CloudSecurity #azure #entraid #m365 #ciso

David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Bye bye Europe. It's been a blast. 10 days, 5 cities, 3 countries, met friends and had many ARGOS Cloud Security meetings with companies that are looking to streamline their cloud security assessments, standardise them, make them more accurate and meaningful. See you next time!

Bye bye Europe. It's been a blast. 10 days, 5 cities, 3 countries, met friends and had many <a href="/ARGOS_Cloud/">ARGOS Cloud Security</a> meetings with companies that are looking to streamline their cloud security assessments, standardise them, make them more accurate and meaningful. 
See you next time!
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Consultants: ever spent hours digging through #EntraID, #Azure, or #M365 just to find one risky user? 🔍 ARGOS spots those users - and maps their attack paths - in minutes. 👉 Visual graph of lateral-movement risk from Entra to Azure 👉 Executive-ready report, auto-generated

Consultants: ever spent hours digging through #EntraID, #Azure, or #M365 just to find one risky user?
🔍 ARGOS spots those users - and maps their attack paths - in minutes.
👉 Visual graph of lateral-movement risk from Entra to Azure
👉 Executive-ready report, auto-generated
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

If you’re still stitching scripts together, see how fast a modern assessment can be. 🌐 Watch more demo videos on argos-security.io and download a sample report straight into your inbox. What are you waiting for?

David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Apparently, people love to see ARGOS in action and listen to my beautiful voice. Watch demo videos here! argos-security.io/videos/ Learn how easy it is to find issues in #Azure and #EntraID / #M365, and understand them, using our network and infrastructure diagrams.

Apparently, people love to see ARGOS in action and listen to my beautiful voice. Watch demo videos here!

argos-security.io/videos/

Learn how easy it is to find issues in #Azure and #EntraID / #M365, and understand them, using our network and infrastructure diagrams.
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

"Your findings don't mean anything!" - this is what one of our customers was told by their customer before they used ARGOS. No context, no relation to what their customer did, just a "stupid" CSPM style list of findings. How? Read on...

"Your findings don't mean anything!" - this is what one of our customers was told by their customer before they used ARGOS.
No context, no relation to what their customer did, just a "stupid" CSPM style list of findings. How? Read on...
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Now they can have easy conversations with their customers and deliver meaningful security assessment reports to them, all automatically prepared for them. Check argos-security.io and get in touch to learn more.

David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Today, managed to code and ship a few ARGOS Cloud Security UX fixes that really bugged me for a few months now: - pre-scan input validation -> scan now doesn't even start if creds don't work, incl proper error message to user - lots of frontend typos 🫠 It's not always shiny features 🫣

David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Microsoft Well-Architected Reviews. Looking beyond "just security" a lot of orgs want to know how well they're "doing cloud" generally. We already cover the Azure Security pillar with a great customer-ready report in minutes & over 200 controls. Curious? argos-security.io

Microsoft Well-Architected Reviews. Looking beyond "just security" a lot of orgs want to know how well they're "doing cloud" generally.
We already cover the Azure Security pillar with a great customer-ready report in minutes &amp; over 200 controls.
Curious? argos-security.io
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

👀 Hey Consultants, ARGOS is starting to peek into Intune configuration... More info? Check out argos-security.io #entraid #intune #cloudsecurity #m365

👀 Hey Consultants, ARGOS is starting to peek into Intune configuration...

More info? Check out argos-security.io 

#entraid #intune #cloudsecurity #m365
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Reminder! It's almost time that those old pesky TLS versions are turned off by Microsoft. Use ARGOS to help your customers (or yourself) to understand where to start. Watch this short demo of ARGOS in action. argos-security.io/videos/#Find_d… #azure #cloudsecurity #cloud #cybersecurity

Reminder! It's almost time that those old pesky TLS versions are turned off by Microsoft. Use ARGOS to help your customers (or yourself) to understand where to start.
Watch this short demo of ARGOS in action.

argos-security.io/videos/#Find_d…

#azure #cloudsecurity #cloud #cybersecurity
David O'Brien (he/him) (@david_obrien) 's Twitter Profile Photo

Happy dance today! Two meetings: - Head of Professional Services mentioned how ARGOS Cloud Security saves them avg 3 days of effort on a 5 day gig. - Security Consultant " **o**** creates way too many false positives. You don't, because you check the rest of the environment for me."