Talks
On this page you’ll find recordings and slides from my conference talks around the 🌎🌏🌍. Enjoy!
Mobile device users: View horizontally 📟 to see all the columns.
2024
| Date | Conference | Title | Slides | Recording |
|---|---|---|---|---|
| Oct 29 | BlueHat 2024 | Deprecating Azure AD Graph API is Easy and Other Lies We Tell Ourselves | Slides (16 pp.) | Recording (18:34) |
| Jun 26 | Troopers 2024 | Exploiting Token-Based Authentication: Attacking and Defending Identities in the 2020s. | Slides (39 pp.) | Recording (51:03) |
2023
| Date | Conference | Title | Slides | Recording |
|---|---|---|---|---|
| Oct 26 | Dell Technologies Forum Sweden | How Researchers Defend Every Corner of Cyberspace | Slides (31 pp.) | Recording (25:51) |
| Oct 19 | Wild West Hackin’ Fest | Hacking Azure AD Identities | Slides (21 pp.) | Recording (54:33) |
| Oct 11 | BlueHat 2023 (October) | “It’s by-design” | Slides (44 pp.) | Recording (39:23) |
| Aug 12 | DEF CON Recon Village | Azure AD OSINT | Slides (37 pp.) | Recording (27:12) |
| Aug 12 | DEF CON 31 | From Feature to Weapon: Breaking Microsoft Teams and SharePoint integrity | Slides (40 pp.) | Recording (34:20) |
| Jun 28 | TROOPERS23 | Dumping NTHashes from Azure AD | Slides (49 pp.) | Recording (50:04) |
| May 19 | NorthSec 2023 | Workshop: Tokens, everywhere! | Slides (51 pp.) | Recording (stream) (1:54:06) |
| May 12 | Black Hat Asia 2023 | Abusing Azure Active Directory. From MFA Bypass to Listing Global Administrators | Slides (28 pp.) | Recording (37:58) |
| May 5 | t2 | DoSing Azure AD | Slides (42 pp.) | N/A |
| Feb 10 | BlueHat 2023 (February) STRIKE | From the Trenches: Working with Microsoft as a Researcher | Slides (33 pp.) | Recording (39:49) |
| Feb 8 | IT-DEFENSE 2023 | Consequences of Trust in Azure Active Directory | Slides (31 pp.) | N/A |
2022
| Date | Conference | Title | Slides | Recording |
|---|---|---|---|---|
| Dec 8 | Black Hat Europe 2022 | Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations | Slides (81 pp.) github |
Recording (42:07) |
| Dec 7 | Black Hat Europe 2022 Arsenal | AADInternals: The Swiss Army Knife for Azure AD & Microsoft 365 | Slides (11 pp.) | Recording (screen) (01:04:12) |
| Nov 19 | BSides Orlando | Attacking Azure Active Directory Under-The-Radar | Slides (31 pp.) | Recording (stream) (46:30) |
| Nov 11 | DefCamp | Abusing Azure AD Pass-through Authentication Vulnerabilities | Slides (22 pp.) | Recording (31:17) |
| Oct 26 | HäjySec October 2022 meetup | Azure AD Open-Source Intelligence (OSINT) | Slides (28 pp.) | Recording (01:01:02) |
| Sep 28 | ISF Finland Chapter Autumn Meeting | How Researchers Defend Every Corner of Cyberspace | Slides (22 pp.) | N/A |
| Sep 24 | RomHack 2022 | Attacking Azure AD by abusing Synchronisation API: The story behind 40.000 USD in bug bounties | Slides (43 pp.) | Recording (31:07) |
| Sep 22 | Cloud Identity Summit 2022 | Azure AD Security Testing with AADInternals | Slides (36 pp.) | N/A |
| Sep 16 | Prakticum Security Week | Cybersecurity career - I did it my way | Slides (21 pp.) | N/A |
| Aug 12 | DEF CON Cloud Village | Making the most of Microsoft cloud bug bounty programs: How I made $65,000 USD in bounties in 2021 (after-recording). | Slides (18 pp.) | Recording (28:14) |
| Aug 10 | BlackHat USA 2022 Arsenal | Secureworks® Primary Refresh Token (PRT) viewer. | Slides (11 pp.) | Recording (24:24) |
| Jun 29 | TROOPERS22 | Eight ways to compromise AD FS certificates | Slides (41 pp.) | Recording (54:51) |
| May 18 | M365 Security & Compliance User Group UK | Deep-dive to Azure AD Join | 👇 | Recording (59:01) |
| May 5 | Global Azure 2022 | Deep-dive to Azure AD Join | Slides (14 pp.) | Recording (1:08:05) |
| Apr 27 | ICEIS2022 | Exploring Azure Active Directory Attack Surface: Enumerating Authentication Methods with Open-Source Intelligence Tools. | Slides (15 pp.) Paper (6 pp.) |
Recording (19:12) |
| Mar 23 | Teams Nation 2022 | Slides (14 pp.) | Recording (46:10) |
2021
| Date | Conference | Title | Slides | Recording |
|---|---|---|---|---|
| Nov 20 | HTMD Conference 2021 | Devices and Identities - The Foundation of Azure Active Directory Security. | Slides (22 pp.) | Recording (54:18) |
| Nov 11 | Nordic Virtual Summit (2nd edition) | Identities and Devices - The Foundation of Azure Active Directory Security. | Slides (20 pp.) | Recording (53:54) |
| Nov 11 | Black Hat Europe. Arsenal | AADInternals: The Swiss Army Knife for Azure AD & M365 | Slides (12 pp.) | Recording (39:03) |
| Sep 30 | Cloud Identity Summit 2021 | Microsoft Zero Trust security model - Silver bullet or just another chase for the unicorn? | Slides (23 pp.) | Recording (54:14) |
| Sep 17 | PDCConf 2021 | AADInternals: How did I built the ultimate Azure AD hacking tool from the scratch | Slides (25 pp.) | Recording (46:24) |
| Sep 16 | Commsverse 2021 | Abusing Teams privacy, security, and compliance | Slides (18 pp.) | Recording (36:59) |
| Aug 26 | HelSec August Virtual Meetup | Spoofing and Tampering with Azure AD Sign-ins log | Slides (22 pp.) | Recording (46:24) |
| Jun 11 | Tonttu-koulutus (in Finnish) | Solorigate / Sunburst hyökkäys, suojaus- ja varautumistoimet, sekä korjaustoimenpiteet (in Finnish) | Slides (19 pp.) | Recording (48:19) |
| May 5 | Teams Nation 2021 | Abusing Teams privacy, security, and compliance | Slides (19 pp.) | N/A |
| Feb 27 | Scottish Summit 2021 | Abusing Azure Active Directory: Who would you like to be today? | Slides (48 pp.) | Recording (53:42) |
| Jan 2 | Nordic Virtual Summit | Abusing Azure Active Directory: Who would you like to be today? | Slides (47 pp.) |
