Persisting on Entra ID applications and User Managed Identities with Federated Credentials 7 minute read... 2024-8-1 02:0:57 | 阅读: 7 | 收藏 | dirkjanm.io - dirkjanm.io federated entra identities roadoidc idp

Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes 10 minute read... 2024-5-6 21:0:57 | 阅读: 11 | 收藏 | dirkjanm.io - dirkjanm.io tap prt windows taps

Phishing for Primary Refresh Tokens and Windows Hello keys 11 minute read... 2023-10-11 00:8:57 | 阅读: 20 | 收藏 | dirkjanm.io - dirkjanm.io phishing prt whfb microsoft

Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust 19 minute read... 2023-6-13 19:8:57 | 阅读: 17 | 收藏 | dirkjanm.io - dirkjanm.io premises prt cloud privileges rodc

Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD auth, Primary Refresh Token (ab)use and device registration Ever since the initial release of ROADrecon and the ROADtools framework I have bee... 2022-11-9 19:8:57 | 阅读: 13 | 收藏 | dirkjanm.io roadtx prt keepass selenium

Abusing forgotten permissions on computer objects in Active Directory 9 minute read... 2022-7-12 00:8:57 | 阅读: 6 | 收藏 | dirkjanm.io bloodhound aces msds 11d0

Relaying Kerberos over DNS using krbrelayx and mitm6 11 minute read... 2022-2-23 02:8:57 | 阅读: 13 | 收藏 | dirkjanm.io victim client mitm6 krbrelayx

NTLM relaying to AD CS - On certificates, printers and a little hippo 14 minute read... 2021-7-29 01:8:57 | 阅读: 5 | 收藏 | dirkjanm.io pkinit relaying machine whitepaper

Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass 24 minute read... 2021-6-11 02:8:57 | 阅读: 14 | 收藏 | dirkjanm.io forest drw cloud sids trusts

A different way of abusing Zerologon (CVE-2020-1472) 17 minute read... 2020-9-25 03:0:0 | 阅读: 24 | 收藏 | dirkjanm.io machine zerologon netlogon relaying

Digging further into the Primary Refresh Token 19 minute read... 2020-8-6 02:38:0 | 阅读: 8 | 收藏 | dirkjanm.io prt derived cloudap tpm mimikatz

Abusing Azure AD SSO with the Primary Refresh Token 21 minute read... 2020-7-21 23:57:0 | 阅读: 8 | 收藏 | dirkjanm.io prt sso chrome browsercore joined

Introducing ROADtools - The Azure AD exploration framework 15 minute read... 2020-4-16 18:0:0 | 阅读: 10 | 收藏 | dirkjanm.io database roadrecon roadtools bloodhound

Updating adconnectdump - a journey into DPAPI Last year when I started playing with Azure I looked into Azure AD connect and how... 2019-12-12 01:8:57 | 阅读: 17 | 收藏 | dirkjanm.io keyset database masterkey adsync mimikatz

Office 365 network attacks - Gaining access to emails and files via an insecure Reply URL One of the main powers of Office 365 is the tight integration between all the onli... 2019-10-15 01:8:57 | 阅读: 11 | 收藏 | dirkjanm.io microsoft attacker network victim client

Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin - dirkjanm.io 7 minute read... 2019-08-23 22:46:33 | 阅读: 55 | 收藏 | dirkjanm.io exchange attacker ntlmrelayx