Talks
| Title | Event | Slides | Video |
|---|---|---|---|
| Attacker Methods of Infesting Entra ID | RSAC Cloud Seminar | Slides | YouTube |
| Entra ID’s Administrative Unit Attack Paths | SpecterOps SO-CON 2025 | Slides | YouTube |
| Cloud Incident Response in Microsoft Azure | Cloud Security Podcast | YouTube | |
| Azure Security Assessments w/ Resource Graph Explorer | Cloud Security Podcast | YouTube | |
| Hidden in Plain Sight: (Ab)using Entra’s AUs | BSides Toronto 2024 | Slides | YouTube |
| Hidden in Plain Sight: (Ab)using Entra’s AUs | fwd:cloudsec EU 2024 | Slides | YouTube |
| Azure And The (Mis) Storage Of Secrets | BSides Toronto 2022 | Slides | YouTube |
| A Quick Jaunt Through Active Directory Hacking | WiCyS NYC, Jan 2020 | Slides | N/A |
| Tips for Crushing CTFs & Pwning Pentests | KringleCon 2019 | Slides | YouTube |
| Realistic Strategies for AD Security & Red Forest | RSA 2019 | Slides | YouTube |
| Sneaking Secrets from SMB Shares | KringleCon 2018 | Slides | YouTube |
| Voyages of the Security-Driven Enterprise | OWASP BASC 2018 | Slides | N/A |
| Investigating RF Controls with the RTL-SDR | BSides NYC 2018 | Slides | Vimeo |
| Investigating RF Controls with the RTL-SDR | SANS HackFest 2017 | Slides | N/A |
| SMTP Security & History | Layer One 2017 | Slides | YouTube |
External Publications
| Link | Source |
|---|---|
| Creating immutable users through a bug in Entra ID restricted administrative units | Datadog Security Labs |
| Escalating privileges to read secrets with Azure Key Vault access policies | Datadog Security Labs |
| Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence | Datadog Security Labs |