Talks
Title | Event | Slides | Video |
---|---|---|---|
Hidden in Plain Sight: (Ab)using Entra’s AUs | BSides Toronto 2024 | Slides | YouTube |
Hidden in Plain Sight: (Ab)using Entra’s AUs | fwd:cloudsec EU 2024 | Slides | YouTube |
Azure And The (Mis) Storage Of Secrets | BSides Toronto 2022 | Slides | YouTube |
A Quick Jaunt Through Active Directory Hacking | WiCyS NYC, Jan 2020 | Slides | N/A |
Tips for Crushing CTFs & Pwning Pentests | KringleCon 2019 | Slides | YouTube |
Realistic Strategies for AD Security & Red Forest | RSA 2019 | Slides | YouTube |
Sneaking Secrets from SMB Shares | KringleCon 2018 | Slides | YouTube |
Voyages of the Security-Driven Enterprise | OWASP BASC 2018 | Slides | N/A |
Investigating RF Controls with the RTL-SDR | BSides NYC 2018 | Slides | Vimeo |
Investigating RF Controls with the RTL-SDR | SANS HackFest 2017 | Slides | N/A |
SMTP Security & History | Layer One 2017 | Slides | YouTube |
External Publications
Link | Source |
---|---|
Escalating privileges to read secrets with Azure Key Vault access policies | Datadog Security Labs |
Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence | Datadog Security Labs |