Abusing Azure Active Directory at t2.fi 2019

Abusing Azure Active Directory at t2.fi 2019

On October 25th, I’ll be talking at t2.fi infosec conference in Helsinki. In this blog, I’ll tell what to expect in my Abusing Azure Active Directory: Who would you like to be today? presentation.

Abusing Azure Active Directory: Who would you like to be today?

The presentation description from the conference website:

Azure AD is used by Microsoft Office 365 and over 2800 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation and pass-through authentication. In this session, using AADInternals toolkit, I will demonstrate how to exploit these vulnerabilities to create backdoors, impersonate users, and bypass MFA.

So, what to expect?


Based on years of research, I’ll introduce three techniques to create backdoors to Azure AD/Office 365. I’ll also show how to create and use them with live demos using my AADInternals toolkit.

Presentation includes:

New version of AADInternals

The new version of AADInternals (0.2.6) will be publicly available after the conference. It includes functionality to create spoofed Kerberos tokens, which in turn allows using Seamless SSO as a backdoor.

Dr Nestori Syynimaa avatar
About Dr Nestori Syynimaa
Dr Syynimaa works as a CIO of eight cities and municipalities surrounding Tampere, the largest inland city in Nordic countries. He also runs his own consultation business Gerenios. Before moving to his current position, Dr Syynimaa worked as a consultant, trainer, and university lecturer for almost 20 years. He is a regular speaker on Office 365 and Azure security in scientific and professional conferences. Dr Syynimaa is Microsoft Certified Expert (Microsoft 365) and Microsoft Certified Trainer.
comments powered by Disqus