Abusing Azure Active Directory: Who Would You Like To Be Today?

Presented at DeepSec 2020 „The Masquerade“, Unknown date/time (Unknown duration)

Azure AD is used by Microsoft Office 365 and over 2900 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation, pass-through authentication, and seamless single-sign-on.

In this session, using AADInternals PowerShell module, the exploitation of these vulnerabilities to create backdoors, impersonate users, and bypass MFA are demonstrated.

The purpose of this session is to raise awareness of the importance of the principle of least privilege and the role of on-prem security to cloud security.

Presenters:

• Dr. Nestori Syynimaa - Gerenios Ltd
  Dr Nestori Syynimaa is one of the leading Office 365 experts in the world and the developer of AADInternals toolkit. He has worked with Microsoft cloud services over a decade and has been MCT since 2013. Currently, Dr Syynimaa works as a CIO for eight cities and municipalities in Finland and runs his own consulting business. Before moving to his current position, Dr Syynimaa worked as a consultant, trainer, researcher, and university lecturer for almost 20 years. Dr Syynimaa has been speaking at many international scientific and professional conferences, including IEEE TrustCom 2018, TechMentor Orlando 2017 & 2018, TechMentor Seattle 2018, and Black Hat USA & Europe 2019

Links:

• https://deepsec.net/archive/2020.deepsec.net/speaker.html#PSLOT469

Similar Presentations:

• Black Hat USA 2022 / Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
• DEF CON 30 (2022) / AADInternals: The Ultimate Azure AD Hacking Toolkit Demo
• Black Hat USA 2022 / AAD Joined Machines - The New Lateral Movement