Talks
On this page you’ll find recordings and slides from my conference talks. Enjoy!
Mobile device users: View horizontally 📟 to see all the columns.
2023
Date | Conference | Title | Slides | Recording |
---|---|---|---|---|
Feb 8 | IT-DEFENSE 2023 | Consequences of Trust in Azure Active Directory | Slides (31 pp.) | N/A |
2022
Date | Conference | Title | Slides | Recording |
---|---|---|---|---|
Dec 8 | Black Hat Europe 2022 | Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations | Slides (81 pp.) github |
N/A |
Dec 7 | Black Hat Europe 2022 Arsenal | AADInternals: The Swiss Army Knife for Azure AD & Microsoft 365 | Slides (11 pp.) | Recording (screen) (01:04:12) |
Nov 19 | BSides Orlando | Attacking Azure Active Directory Under-The-Radar | Slides (31 pp.) | Recording (stream) (46:30) |
Nov 11 | DefCamp | Abusing Azure AD Pass-through Authentication Vulnerabilities | Slides (22 pp.) | Recording (31:17) |
Oct 26 | HäjySec October 2022 meetup | Azure AD Open-Source Intelligence (OSINT) | Slides (28 pp.) | Recording (01:01:02) |
Sep 28 | ISF Finland Chapter Autumn Meeting | How Researchers Defend Every Corner of Cyberspace | Slides (22 pp.) | N/A |
Sep 24 | RomHack 2022 | Attacking Azure AD by abusing Synchronisation API: The story behind 40.000 USD in bug bounties | Slides (43 pp.) | Recording (31:07) |
Sep 22 | Cloud Identity Summit 2022 | Azure AD Security Testing with AADInternals | Slides (36 pp.) | N/A |
Sep 16 | Prakticum Security Week | Cybersecurity career - I did it my way | Slides (21 pp.) | N/A |
Aug 12 | DEF CON Cloud Village | Making the most of Microsoft cloud bug bounty programs: How I made $65,000 USD in bounties in 2021 (after-recording). | Slides (18 pp.) | Recording (28:14) |
Aug 10 | BlackHat USA 2022 Arsenal | Secureworks® Primary Refresh Token (PRT) viewer. | Slides (11 pp.) | Recording (24:24) |
Jun 29 | TROOPERS22 | Eight ways to compromise AD FS certificates | Slides (41 pp.) | N/A |
May 18 | M365 Security & Compliance User Group UK | Deep-dive to Azure AD Join | 👇 | Recording (59:01) |
May 5 | Global Azure 2022 | Deep-dive to Azure AD Join | Slides (14 pp.) | Recording (1:08:05) |
Apr 27 | ICEIS2022 | Exploring Azure Active Directory Attack Surface: Enumerating Authentication Methods with Open-Source Intelligence Tools. | Slides (15 pp.) Paper (6 pp.) |
Recording (19:12) |
Mar 23 | Teams Nation 2022 | Slides (14 pp.) | Recording (46:10) |
2021
Date | Conference | Title | Slides | Recording |
---|---|---|---|---|
Nov 20 | HTMD Conference 2021 | Devices and Identities - The Foundation of Azure Active Directory Security. | Slides (22 pp.) | Recording (54:18) |
Nov 11 | Nordic Virtual Summit (2nd edition) | Identities and Devices - The Foundation of Azure Active Directory Security. | Slides (20 pp.) | Recording (53:54) |
Nov 11 | Black Hat Europe. Arsenal | AADInternals: The Swiss Army Knife for Azure AD & M365 | Slides (12 pp.) | Recording (39:03) |
Sep 30 | Cloud Identity Summit 2021 | Microsoft Zero Trust security model - Silver bullet or just another chase for the unicorn? | Slides (23 pp.) | Recording (54:14) |
Sep 17 | PDCConf 2021 | AADInternals: How did I built the ultimate Azure AD hacking tool from the scratch | Slides (25 pp.) | Recording (46:24) |
Sep 16 | Commsverse 2021 | Abusing Teams privacy, security, and compliance | Slides (18 pp.) | Recording (36:59) |
Aug 26 | HelSec August Virtual Meetup | Spoofing and Tampering with Azure AD Sign-ins log | Slides (22 pp.) | Recording (46:24) |
Jun 11 | Tonttu-koulutus (in Finnish) | Solorigate / Sunburst hyökkäys, suojaus- ja varautumistoimet, sekä korjaustoimenpiteet (in Finnish) | Slides (19 pp.) | Recording (48:19) |
May 5 | Teams Nation 2021 | Abusing Teams privacy, security, and compliance | Slides (19 pp.) | N/A |
Feb 27 | Scottish Summit 2021 | Abusing Azure Active Directory: Who would you like to be today? | Slides (48 pp.) | Recording (53:42) |
Jan 2 | Nordic Virtual Summit | Abusing Azure Active Directory: Who would you like to be today? | Slides (47 pp.) |