Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)

Presented at Black Hat USA 2019, Aug. 7, 2019, 11:15 a.m. (50 minutes)

The allure of the "Cloud" is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and resources. The Cloud is a new paradigm and the rapid update pace makes it difficult to keep up, especially when it comes to security. <br> <br>This presentation focuses on the Microsoft Cloud (Office 365 & Azure AD) and explores the most common attacks against the Cloud and describes effective defenses and mitigation. While the content is focused on the Microsoft Cloud, some of the attack and defense topics are applicable to other cloud providers and are noted where applicable. <br> <br>Key items covered: <br><ul><li>Attacks against the Cloud </li><li>Account compromise and token theft </li><li>Methods to detect attack activity </li><li>Cloud identity firewall </li><li>Securing cloud infrastructure against attacks </li><li>Secure cloud administration</li></ul>

Presenters:

• Mark Morowczynski - Principal Program Manager, Microsoft
  Mark Morowczynski is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He's spoken at various industry events such as Microsoft Ignite, Microsoft Inspire, Microsoft Ready, Microsoft MVP Summits, The Cloud Identity Summit, SANs Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
• Sean Metcalf - CTO, Trimarc
  Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and posts interesting Active Directory security information on his blog, ADSecurity.org. 

Links:

• https://www.blackhat.com/us-19/briefings/schedule/#attacking-and-defending-the-microsoft-cloud-office-365--azure-ad-14553
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD).mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD).en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=SG2ibjuzRJM

Similar Presentations:

• Black Hat USA 2019 / Death to the IOC: What's Next in Threat Intelligence
• Black Hat USA 2019 / Behind the Scenes of Intel Security and Manageability Engine
• 31C3 (2014) / Beyond PNR: Exploring airline systems