Talks

On this page you’ll find recordings and slides from my conference talks around the 🌎🌏🌍. Enjoy!

Mobile device users: View horizontally 📟 to see all the columns.

2024

Date Conference Title Slides Recording
Jun 26 Troopers 2024 Exploiting Token-Based Authentication: Attacking and Defending Identities in the 2020s. Slides (39 pp.) Recording (51:03)

2023

Date Conference Title Slides Recording
Oct 26 Dell Technologies Forum Sweden How Researchers Defend Every Corner of Cyberspace Slides (31 pp.) Recording (25:51)
Oct 19 Wild West Hackin’ Fest Hacking Azure AD Identities Slides (21 pp.) Recording (54:33)
Oct 11 BlueHat 2023 (October) “It’s by-design” Slides (44 pp.) Recording (39:23)
Aug 12 DEF CON Recon Village Azure AD OSINT Slides (37 pp.) Recording (27:12)
Aug 12 DEF CON 31 From Feature to Weapon: Breaking Microsoft Teams and SharePoint integrity Slides (40 pp.) Recording (34:20)
Jun 28 TROOPERS23 Dumping NTHashes from Azure AD Slides (49 pp.) Recording (50:04)
May 19 NorthSec 2023 Workshop: Tokens, everywhere! Slides (51 pp.) Recording (stream) (1:54:06)
May 12 Black Hat Asia 2023 Abusing Azure Active Directory. From MFA Bypass to Listing Global Administrators Slides (28 pp.) Recording (37:58)
May 5 t2 DoSing Azure AD Slides (42 pp.) N/A
Feb 10 BlueHat 2023 (February) STRIKE From the Trenches: Working with Microsoft as a Researcher Slides (33 pp.) Recording (39:49)
Feb 8 IT-DEFENSE 2023 Consequences of Trust in Azure Active Directory Slides (31 pp.) N/A

2022

Date Conference Title Slides Recording
Dec 8 Black Hat Europe 2022 Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations Slides (81 pp.)
github
Recording (42:07)
Dec 7 Black Hat Europe 2022 Arsenal AADInternals: The Swiss Army Knife for Azure AD & Microsoft 365 Slides (11 pp.) Recording (screen) (01:04:12)
Nov 19 BSides Orlando Attacking Azure Active Directory Under-The-Radar Slides (31 pp.) Recording (stream) (46:30)
Nov 11 DefCamp Abusing Azure AD Pass-through Authentication Vulnerabilities Slides (22 pp.) Recording (31:17)
Oct 26 HäjySec October 2022 meetup Azure AD Open-Source Intelligence (OSINT) Slides (28 pp.) Recording (01:01:02)
Sep 28 ISF Finland Chapter Autumn Meeting How Researchers Defend Every Corner of Cyberspace Slides (22 pp.) N/A
Sep 24 RomHack 2022 Attacking Azure AD by abusing Synchronisation API: The story behind 40.000 USD in bug bounties Slides (43 pp.) Recording (31:07)
Sep 22 Cloud Identity Summit 2022 Azure AD Security Testing with AADInternals Slides (36 pp.) N/A
Sep 16 Prakticum Security Week Cybersecurity career - I did it my way Slides (21 pp.) N/A
Aug 12 DEF CON Cloud Village Making the most of Microsoft cloud bug bounty programs: How I made $65,000 USD in bounties in 2021 (after-recording). Slides (18 pp.) Recording (28:14)
Aug 10 BlackHat USA 2022 Arsenal Secureworks® Primary Refresh Token (PRT) viewer. Slides (11 pp.) Recording (24:24)
Jun 29 TROOPERS22 Eight ways to compromise AD FS certificates Slides (41 pp.) Recording (54:51)
May 18 M365 Security & Compliance User Group UK Deep-dive to Azure AD Join 👇 Recording (59:01)
May 5 Global Azure 2022 Deep-dive to Azure AD Join Slides (14 pp.) Recording (1:08:05)
Apr 27 ICEIS2022 Exploring Azure Active Directory Attack Surface: Enumerating Authentication Methods with Open-Source Intelligence Tools. Slides (15 pp.)
Paper (6 pp.)
Recording (19:12)
Mar 23 Teams Nation 2022 Deep Regular dive to Teams Internal APIs. Slides (14 pp.) Recording (46:10)

2021

Date Conference Title Slides Recording
Nov 20 HTMD Conference 2021 Devices and Identities - The Foundation of Azure Active Directory Security. Slides (22 pp.) Recording (54:18)
Nov 11 Nordic Virtual Summit (2nd edition) Identities and Devices - The Foundation of Azure Active Directory Security. Slides (20 pp.) Recording (53:54)
Nov 11 Black Hat Europe. Arsenal AADInternals: The Swiss Army Knife for Azure AD & M365 Slides (12 pp.) Recording (39:03)
Sep 30 Cloud Identity Summit 2021 Microsoft Zero Trust security model - Silver bullet or just another chase for the unicorn? Slides (23 pp.) Recording (54:14)
Sep 17 PDCConf 2021 AADInternals: How did I built the ultimate Azure AD hacking tool from the scratch Slides (25 pp.) Recording (46:24)
Sep 16 Commsverse 2021 Abusing Teams privacy, security, and compliance Slides (18 pp.) Recording (36:59)
Aug 26 HelSec August Virtual Meetup Spoofing and Tampering with Azure AD Sign-ins log Slides (22 pp.) Recording (46:24)
Jun 11 Tonttu-koulutus (in Finnish) Solorigate / Sunburst hyökkäys, suojaus- ja varautumistoimet, sekä korjaustoimenpiteet (in Finnish) Slides (19 pp.) Recording (48:19)
May 5 Teams Nation 2021 Abusing Teams privacy, security, and compliance Slides (19 pp.) N/A
Feb 27 Scottish Summit 2021 Abusing Azure Active Directory: Who would you like to be today? Slides (48 pp.) Recording (53:42)
Jan 2 Nordic Virtual Summit Abusing Azure Active Directory: Who would you like to be today? Slides (47 pp.)
Dr Nestori Syynimaa (@DrAzureAD) avatar
About Dr Nestori Syynimaa (@DrAzureAD)
Dr Syynimaa works as Principal Identity Security Researcher at Microsoft Security Research.
Before his security researcher career, Dr Syynimaa worked as a CIO, consultant, trainer, and university lecturer for over 20 years. He is a regular speaker in scientific and professional conferences related to Microsoft 365 and Entra ID (Azure AD) security.

Before joining Microsoft, Dr Syynimaa was Microsoft MVP in security category and Microsoft Most Valuable Security Researcher (MVR).