Dirk-jan Mollema

Dirk-jan Mollema

Hacker, red teamer, researcher. Likes to write infosec-focussed Python tools. This is my personal blog containing research on topics I find interesting, such as (Azure) Active Directory internals, protocols and vulnerabilities.

Looking for a security test or training? Business contact via outsidersecurity.nl

Presentations and external blogs

Presentations

DEF CON 32: Abusing Windows Hello Without a Severed Hand (joint talk with Ceri Coburn)

Topic: Microsoft Entra, Primary Refresh Tokens, Windows Hello, Windows internals
Links: Slides (PDF) | Video recording: coming soon

Troopers 24: Attacking Primary Refresh Tokens using their MacOS implementation

Topic: Microsoft Entra, Primary Refresh Tokens, macOS
Links: Slides (PDF) | Demo video | Video recording: coming soon

Area41 2024: Phishing the Phishing Resistant - Phishing for Primary Refresh Tokens in Microsoft Entra

Topic: Microsoft Entra, Windows Hello, Credential phishing
Links: Slides (PDF) | Demo video | Video Recording

TROOPERS 23: (Windows) Hello from the other side

Topic: Azure AD, Windows Hello, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording

x33fcon 2023: (Windows) Hello from the other side

Topic: Azure AD, Windows Hello, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording

NorthSec 2023: (Windows) Hello from the other side

Topic: Azure AD, Windows Hello, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording

Insomnihack 23: Breaking and fixing Azure AD device identity security

Topic: Azure AD, Office 365, Conditional Access, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording

Black Hat USA 2022: Backdooring and Hijacking Azure AD Accounts by Abusing External Identities

Topic: Azure AD, Office 365, External Identities, B2B
Links: Abstract | Slides (PDF) | Demo video | Video recording

TROOPERS 22: Breaking Azure AD joined endpoints in Zero Trust environments

Topic: Azure AD, Office 365, Conditional Access, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording

Romhack 2021: Breaking Azure AD joined endpoints in Zero Trust environments

Topic: Azure AD, Office 365, Conditional Access
Links: Abstract | Slides (PDF) | Video Recording

Wild West Hacking Fest - Cloud Roundup Dec 2020: Fantastic Conditional Access Policies and how to bypass them

Topic: Azure AD, Office 365, Conditional Access
Links: Abstract | Slides (PDF) | Video Recording

Black Hat Asia 2020: Walking your dog in multiple forests - breaking AD trust boundaries through Kerberos vulnerabilities

Topic: Active Directory, Kerberos
Links: Abstract | Slides (PDF) | Conference recording (bad audio) | Video recording with better audio

BlueHat Seattle 2019: I’m in your cloud: A year of hacking Azure AD

Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo video | Video Recording

DEF CON 27: I’m in your cloud… pwning your Azure environment

Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo videos | Video Recording

TROOPERS 19: I’m in your cloud, reading everyone’s emails - hacking Azure AD via Active Directory

Topic: Azure AD, Office 365, Active Directory
Links: Abstract | Slides (PDF) | Slides (SlideShare) | Video recording

HITB Dubai Armory: aclpwn - Active Directory ACL exploitation with BloodHound

Topic: Active Directory, BloodHound
Links: Slides (SlideShare) | Tool

External blogs

The following blogs were (co-)authored by me on different platforms/websites:

2019-06 - Syncing yourself to Global Administrator in Azure Active Directory
2018-08 - Remote NTLM relaying through meterpreter on Windows port 445
2018-04 - Escalating privileges with ACLs in Active Directory
2018-04 - Compromising Citrix ShareFile on-premise via 7 chained vulnerabilities
2018-01 - mitm6 - Compromising IPv4 networks via IPv6
2017-05 - Relaying credentials everywhere with ntlmrelayx