Bypass Azure Admin Approval Mode for User Consent Workflow When Enumerating In this short blog post we will see a trick/technique to enumerate an Azure environment when the User App Consent Workfl...

Finding TeamViewer 0days. Part 3: Putting it all together. PARTY TIME :)! Now comes the interesting part. I am sorry about the two last lazy parts, but I wanted to explain the whole process :). B...

Finding TeamViewer 0days. Part 2: Reversing the Authentication Protocol I started reversing the client in order to find how the authentication was being made. I will skip this whole part as I fina...

Finding TeamViewer 0days. Part 1: The story begins This series of blog posts are about some findings related to TeamViewer (TV) IPC communication with its SYSTEM service. I was trying to find some...

Kerberos Diamond and Sapphire Tickets As you may known, one of the approaches for persistence in a Windows Active Directory are the well-known techniques Golden Ticket and Silver Ticket. In the po...

Kerberos Authentication Protocol After the first part at which we talked about authentication in Windows and explained how attacks like Pass-The-Hash works. At this part we are going to analyse Ke...

Windows Authentication. In this first part of Windows hacking we will be covering aspects related on how Windows authentication works. I’m coming from Linux ecosystem so sometimes I will try to co...