Bypass Azure Admin Approval Mode for User Consent Workflow When Enumerating In this short blog post we will see a trick/technique to enumerate an Azure environment when the User App Consent Workfl...
Finding TeamViewer 0days - Part III
Finding TeamViewer 0days. Part 3: Putting it all together. PARTY TIME :)! Now comes the interesting part. I am sorry about the two last lazy parts, but I wanted to explain the whole process :). B...
Finding TeamViewer 0days - Part II
Finding TeamViewer 0days. Part 2: Reversing the Authentication Protocol I started reversing the client in order to find how the authentication was being made. I will skip this whole part as I fina...
Finding TeamViewer 0days - Part I
Finding TeamViewer 0days. Part 1: The story begins This series of blog posts are about some findings related to TeamViewer (TV) IPC communication with its SYSTEM service. I was trying to find some...
Diamond And Sapphire Tickets
Kerberos Diamond and Sapphire Tickets As you may known, one of the approaches for persistence in a Windows Active Directory are the well-known techniques Golden Ticket and Silver Ticket. In the po...
Playing With Windows Security - Part 2
Kerberos Authentication Protocol After the first part at which we talked about authentication in Windows and explained how attacks like Pass-The-Hash works. At this part we are going to analyse Ke...
Playing With Windows Security - Part 1
Windows Authentication. In this first part of Windows hacking we will be covering aspects related on how Windows authentication works. I’m coming from Linux ecosystem so sometimes I will try to co...