My talks from October at Microsoft BlueHat, Wild West Hackin' Fest, & Dell Technologies Forum Sweden available at https://aadinternals.com/talks/
Enjoy!
Senior Principal Security Researcher
@microsoft. Ex-Secureworks. (PhD, MSc, MEng, CITP, CCSK).
And yes, opinions are my own ;)
NOT ACTIVE HERE -> https://bsky.app/profile/drazuread.com
In this #Microsoft BlueHat talk I'll share some "by design" war stories from me and fellow researchers. The cases demonstrate a scale of different outcomes of "by design" rulings. The purpose is to foster dialogue between Microsoft Security Response Center (MSRC) and researchers to keep us all protected!
👉 https://microsoft.com/bluehat/
@cirriustech thanks!
#DEFCON31 recordings are out now!
Link to my talk & slides "From Feature to Weapon - Breaking Microsoft Teams and SharePoint Integrity" available at https://aadinternals.com/talks
The recording of my #DEFCON31 #ReconVillage talk "Azure AD OSINT" (applies also to Entra ID) is out now: https://www.youtube.com/watch?v=4NpT78zxZEo
Slides 👉 https://aadinternals.com/talks/
My #TROOPERS talk on Dumping NTHashes from Azure AD (Entra ID) is out now!
https://www.youtube.com/watch?v=gT8t5A93qMw
@jtig @defcon the second demo (replacing .aspx) works if custom scripts are allowed either tenant-wide or per site.
https://learn.microsoft.com/en-us/sharepoint/allow-or-prevent-custom-script
#AADInternals #DEFCON32 edition I demonstrated in my @defcon talk is now available on GitHub and #PowerShellGallery:
◾ Spoof SPO, Teams, and OneDrive files
◾ Tamper with existing files
◾ Nothing is logged
Change log available at: https://aadinternals.com/aadinternals/#version-info
Slides of my #DEFCON31 and #ReconVillage talks are available at https://aadinternals.com/talks/#2023
Confidentiality, availability, and integrity are the three principles of information security. Join my #DEFCON session today (at 12, Track 4) to learn how to break the integrity of #Microsoft #Teams and #SharePoint using the built-in migration feature.
I'll demonstrate how a standard user can:
🔹Spoof documents and tamper with existing documents (without any log events)
🔹Perform XSS attacks to break confidentiality, EoP, etc.
Are you attending any of those great #AzureAD / #EntraID security related trainings today at #BHUS? Watch out, I might stop by to say hi! Also might bring some #AADInternals stickers 😉
@cybeej on Sat 2:25 pm
I'm in!
@jtig yes, ReconVillage will take care of that
Okay peeps, I'm talking next week at #DEFCON #ReconVillage about #AzureAD / #EntraID OSINT. Besides the most beautiful and informative slide deck, would you like to see recorded or live demos?
I recently spoke at T2 conference on Azure AD Denial-of-Service attacks. The talk was not recorded, so I decided to write a blog about it for those who couldn't attend.
#AADInternals @WEareTROOPERS edition OUT NOW at #PowerShell Gallery and GitHub!!
Thanks to @_dirkjan for WHfB research & inspiration, @cnotin for PR, and Nevada Romsdahl & @nullg0re & @santasalojoosua for helping with AADDS research!
Lots of new stuff:
🔹Export NTHashes from AzureAD 😱
🔹Command line based interactive login
🔹Automatic MFA with OTP
🔹TAP support
🔹Export PRT & Session key from CloudAP cache (with user credentials)
🔹Setting WHfB key
🔹Getting PRT & Session key with WHfB key
🔹PS 7 support 🤞
If/when you find any bugs, please let me know asap (Twitter, GitHub issue/PR, etc.)
Full changelog: https://aadinternals.com/aadinternals/#version-info
Slide deck of my @WEareTROOPERS talk "Dumping NTHashes from Azure AD" available at https://aadinternals.com/talks/#2023
TL;DR:
🔹Deploying Azure AD Domain Services (AADDS) makes Azure AD connect to sync legacy credentials (NTHashes) to Azure AD
🔹Credentials are stored in Azure AD in hidden user object attributes only accessible by "Azure AD Domain Services Sync" application
🔹Credentials are encrypted/decrypted using certificates stored in AADDS DC:s certificate store
🔹Dumping NTHashes requires compromising AADDS DC
The truth is out there... so are lies... but it's no lie that @DrAzureAD will be speaking at Deadwood 2023!
Grab your Deadwood 2023 in-person and virtual tickets here. → https://wildwesthackinfest.com/deadwood/
Seems that I may or may not present my "Azure Active Directory Token Theft and Manipulation Attacks" talk at RSA Conference in April 🤷‍♂️