Presentations and external blogs


Wild West Hacking Fest - Cloud Roundup Dec 2020: Fantastic Conditional Access Policies and how to bypass them

Topic: Azure AD, Office 365, Conditional Access
Links: Abstract | Slides (PDF) | Video Recording

Black Hat Asia 2020: Walking your dog in multiple forests - breaking AD trust boundaries through Kerberos vulnerabilities

Topic: Active Directory, Kerberos
Links: Abstract | Slides (PDF) | Conference recording (bad audio) | Video recording with better audio

BlueHat Seattle 2019: I’m in your cloud: A year of hacking Azure AD

Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo video | Video Recording

DEF CON 27: I’m in your cloud… pwning your Azure environment

Topic: Azure AD, Office 365
Links: Abstract | Slides (PDF) | Demo videos | Video Recording

TROOPERS 19: I’m in your cloud, reading everyone’s emails - hacking Azure AD via Active Directory

Topic: Azure AD, Office 365, Active Directory
Links: Abstract | Slides (PDF) | Slides (SlideShare) | Video recording

HITB Dubai Armory: aclpwn - Active Directory ACL exploitation with BloodHound

Topic: Active Directory, BloodHound
Links: Slides (SlideShare) | Tool

External blogs

The following blogs were (co-)authored by me on different platforms/websites:

2019-06 - Syncing yourself to Global Administrator in Azure Active Directory
2018-08 - Remote NTLM relaying through meterpreter on Windows port 445
2018-04 - Escalating privileges with ACLs in Active Directory
2018-04 - Compromising Citrix ShareFile on-premise via 7 chained vulnerabilities
2018-01 - mitm6 - Compromising IPv4 networks via IPv6
2017-05 - Relaying credentials everywhere with ntlmrelayx