Abusing Azure Active Directory at t2.fi 2019

Abusing Azure Active Directory at t2.fi 2019

On October 25th, I’ll be talking at t2.fi infosec conference in Helsinki. In this blog, I’ll tell what to expect in my Abusing Azure Active Directory: Who would you like to be today? presentation.

Abusing Azure Active Directory: Who would you like to be today?

The presentation description from the conference website:

Azure AD is used by Microsoft Office 365 and over 2800 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation and pass-through authentication. In this session, using AADInternals toolkit, I will demonstrate how to exploit these vulnerabilities to create backdoors, impersonate users, and bypass MFA.

So, what to expect?

Presentation

Based on years of research, I’ll introduce three techniques to create backdoors to Azure AD/Office 365. I’ll also show how to create and use them with live demos using my AADInternals toolkit.

Presentation includes:

New version of AADInternals

The new version of AADInternals (0.2.6) will be publicly available after the conference. It includes functionality to create spoofed Kerberos tokens, which in turn allows using Seamless SSO as a backdoor.

Dr Nestori Syynimaa (@DrAzureAD) avatar
About Dr Nestori Syynimaa (@DrAzureAD)
Dr Syynimaa works as Senior Principal Information Security Researcher at Secureworks CTU (Counter Threat Unit).
Before moving to his current position, Dr Syynimaa worked as a CIO, consultant, trainer, and university lecturer for over 20 years. He is a regular speaker in scientific and professional conferences related to Microsoft 365 and Azure AD security.

Dr Syynimaa is Microsoft Certified Expert (Microsoft 365), Microsoft Certified Azure Solutions Architect Expert, Microsoft Certified Trainer, Microsoft MVP (Enterprise Mobility, Identity and Access & Intune), and Microsoft Most Valuable Security Researcher (MVR).
comments powered by Disqus