How does one research the cloud? With solutions such as Azure AD and Office 365, the underlying platform architecture and designs are not publicly documented or accessible in the same way as on-premise. This makes analyzing the security of the platform harder for external researchers. In this talk I will explain the journey and discoveries of a year of trying to understand Azure AD, including the vulnerabilities discovered in the process.
This ranges from gathering information about Azure AD via undocumented APIs to installing invisible backdoors and escalating privileges via limited roles or via the link with on-premise. While some of these vulnerabilities have been resolved, several of these are unintended consequences of Azure AD's architecture and thus are important to consider when evaluating the security of your Azure AD environment.
The session will be held by Dirk-jan Mollema. Dirk-jan is one of the core researchers of Active Directory and Azure AD at Fox-IT. Amongst the open source tools published to advance the state of AD research are aclpwn, krbrelayx, mitm6 and a Python port of BloodHound. He blogs at dirkjanm.io, where he publishes about new Active Directory attack chains, which included the discovery of the PrivExchange vulnerability. He is also co-author of ntlmrelayx and contributor to several other open source tools and libraries. He presented previously at TROOPERS, DEF CON and BlueHat and was one of the 75 MSRC most valuable researchers 2018/2019 through his Azure AD research.
Come and learn from one of the best in the world on Azure AD! If you really want to protect your Azure AD, you must not miss this session.