Presentations and external blogs
Presentations
TROOPERS 23: (Windows) Hello from the other side
Topic: Azure AD, Windows Hello, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording
x33fcon 2023: (Windows) Hello from the other side
Topic: Azure AD, Windows Hello, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording
NorthSec 2023: (Windows) Hello from the other side
Topic: Azure AD, Windows Hello, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording
Insomnihack 23: Breaking and fixing Azure AD device identity security
Topic: Azure AD, Office 365, Conditional Access, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording
Black Hat USA 2022: Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
Topic: Azure AD, Office 365, External Identities, B2B
Links: Abstract | Slides (PDF) | Demo video | Video recording
TROOPERS 22: Breaking Azure AD joined endpoints in Zero Trust environments
Topic: Azure AD, Office 365, Conditional Access, Azure AD devices
Links: Abstract | Slides (PDF) | Video Recording
Romhack 2021: Breaking Azure AD joined endpoints in Zero Trust environments
Topic: Azure AD, Office 365, Conditional Access
Links: Abstract | Slides (PDF) | Video Recording
Wild West Hacking Fest - Cloud Roundup Dec 2020: Fantastic Conditional Access Policies and how to bypass them
Topic: Azure AD, Office 365, Conditional Access
Links: Abstract | Slides (PDF) | Video Recording
Black Hat Asia 2020: Walking your dog in multiple forests - breaking AD trust boundaries through Kerberos vulnerabilities
Topic: Active Directory, Kerberos
Links: Abstract | Slides (PDF) | Conference recording (bad audio) | Video recording with better audio
BlueHat Seattle 2019: I’m in your cloud: A year of hacking Azure AD
Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo video | Video Recording
DEF CON 27: I’m in your cloud… pwning your Azure environment
Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo videos | Video Recording
TROOPERS 19: I’m in your cloud, reading everyone’s emails - hacking Azure AD via Active Directory
Topic: Azure AD, Office 365, Active Directory
Links: Abstract | Slides (PDF) | Slides (SlideShare) | Video recording
HITB Dubai Armory: aclpwn - Active Directory ACL exploitation with BloodHound
Topic: Active Directory, BloodHound
Links: Slides (SlideShare) | Tool
External blogs
The following blogs were (co-)authored by me on different platforms/websites:
2019-06 - Syncing yourself to Global Administrator in Azure Active Directory
2018-08 - Remote NTLM relaying through meterpreter on Windows port 445
2018-04 - Escalating privileges with ACLs in Active Directory
2018-04 - Compromising Citrix ShareFile on-premise via 7 chained vulnerabilities
2018-01 - mitm6 - Compromising IPv4 networks via IPv6
2017-05 - Relaying credentials everywhere with ntlmrelayx