dirkjanm.io

Extending AD CS attack surface to the cloud with Intune certificates

Persisting on Entra ID applications and User Managed Identities with Federated Credentials

Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes

Phishing for Primary Refresh Tokens and Windows Hello keys

Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust

Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration

Abusing forgotten permissions on computer objects in Active Directory

Relaying Kerberos over DNS using krbrelayx and mitm6

NTLM relaying to AD CS - On certificates, printers and a little hippo

Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass