%TEMP%
@TEMP43487580
Red Team | Beginner @secureworks
GraphSpy was extremely powerful in the last engagement, and happy to see pytune integrated with it👏
⚒️ Cross tool support — Import/Export device certificates, Primary Refresh Tokens, and WinHello keys to easily switch between your favorite tools (e.g. roadtools, AADInternals, pytune, ...) while keeping track of all your certificates/tokens/keys in GraphSpy.
This is awesome work @TEMP43487580! SCCM recon from the MP
Uploaded mprecon, a tiny script I made while learning SCCM. It pulls info from the MP server like DP locations, site version, build number, SMSID, and the device's primary user etc. No special privileges are required. Sometimes works without authentication🤯 github.com/temp43487580/m…
The slides from #TROOPERS25 are now available🔥 The key point in the talk is that Device Registration Service is often forgotten in Conditional Access, leading to various abuse. This talk introduces one of the examples and explains lateral movement tips. troopers.de/downloads/troo…
It was great to attend #TROOPERS25! Beautiful city, nice weather, talented researchers. My talk was just based on how Entra works but I hope it contributed to the community. Thanks to everyone I had a chance to talk to! No jet lag now. Time to go home😂 github.com/temp43487580/E…
Since several people already asked: the slides from @fabian_bader and myself for @WEareTROOPERS are available! "Finding Entra ID CA bypasses - the structured way". We talked about FOCI, BroCI, CA bypasses, scopes and getting tons of tokens. Check it at dirkjanm.io/talks/
One of the results of the joint research with @_dirkjan is entrascopes.com. Basically the yellow pages for Microsoft first party apps. #TROOPERS25
Excited to share that our proposal for BSidesLV, led by Fumiya IMAI, got accepted! Stay tuned for more details!
Happy to share that my talk "The Ultimate Guide for Protecting Hybrid Identities in Entra ID" was accepted to @WEareTROOPERS! troopers.de/troopers25/tal…
Incredible line-up for the #TROOPERS25 AD & Entra ID Security Track, featuring @Jonas_B_K @martinhaller_IT @_dirkjan @fabian_bader @DrAzureAD @ShitSecure @subat0mik & many more linkedin.com/posts/enno-rey…
Great talk from Black Hat Europe! It shows a lot more than the Intune bypass we all know! Thanks for another great talk 🙂 @TEMP43487580 youtu.be/YX5P99JUwlw?si…
The rumours are true! I'll be back at @WEareTROOPERS this year for a joint talk with @fabian_bader! We'll talk about signing in to all the apps, the challenges that brings and how to request 600k different tokens in 20 minutes 😅
Looking forward to entering the stage together with @_dirkjan and our talk "Finding Entra ID CA Bypasses - the structured way" #TROOPERS25
First round of #TROOPERS25 talks published: troopers.de/troopers25/tal…
My talk was accepted for this year's Troopers! Very excited to discuss Entra ID's attack technique in Heidelberg! 🇩🇪 #TROOPERS25 @WEareTROOPERS

I was too lazy to implement this before, but I've now added support for proxy usage to Pytune. It helped when sending authentication traffic through a target network during red teaming github.com/secureworks/py…
Stuck implementing the gss_wrap function when AcceptorSubkey is not set. Need advice if anyone knows a good implementation

TokenSmith - Bypassing Intune Compliant Device Conditional Access labs.jumpsec.com/tokensmith-byp… #redteam