Presentations and external blogs
Presentations
BlueHat Seattle 2019: I’m in your cloud: A year of hacking Azure AD
Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo video | Video Recording
DEF CON 27: I’m in your cloud… pwning your Azure environment
Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo videos | Video Recording
TROOPERS 19: I’m in your cloud, reading everyone’s emails - hacking Azure AD via Active Directory
Topic: Azure AD, Office 365, Active Directory
Links: Abstract | Slides (PDF) | Slides (SlideShare) | Video recording
HITB Dubai Armory: aclpwn - Active Directory ACL exploitation with BloodHound
Topic: Active Directory, BloodHound
Links: Slides (SlideShare) | Tool
External blogs
The following blogs were (co-)authored by me on different platforms/websites:
2019-06 - Syncing yourself to Global Administrator in Azure Active Directory
2018-08 - Remote NTLM relaying through meterpreter on Windows port 445
2018-04 - Escalating privileges with ACLs in Active Directory
2018-04 - Compromising Citrix ShareFile on-premise via 7 chained vulnerabilities
2018-01 - mitm6 - Compromising IPv4 networks via IPv6
2017-05 - Relaying credentials everywhere with ntlmrelayx