Office 365 blog

Everything about Microsoft 365 security

  • AAD & M365 KILL CHAIN
  • AAD INTERNALS
  • LINKS
  • POWERSHELL
  • TALKS
  • TOOLS

Onedrive

Bypassing OneDrive sync domain restrictions

Bypassing OneDrive sync domain restrictions

December 11, 2019 (Last Modified: January 19, 2020)

OneDrive has a security option to allow syncing only from PCs joined to specific domains. In this blog, using the latest AADInternals toolkit (announced at Black Hat Europe 2019), I’ll show how the domain restrictions can be easily bypassed.

Recent Posts

  • Stealing and faking Azure AD device identities
  • Microsoft partners: The Good, The Bad, or The Ugly?
  • AADInternals admin and blue team tools
  • Spoofing Azure AD sign-ins logs by imitating AD FS Hybrid Health Agent
  • Exporting AD FS certificates revisited: Tactics, Techniques and Procedures

Categories

  • Article
  • Blog

Social

Twitter
LinkedIn
nestori.syynimaa@gerenios.com

Tags

aadconnect (2) aadinternals (9) active-directory (1) adfs (5) admin (3) administration (1) authentication (1) azure (19) azure-active-directory (26) azuread (4) blackhat (1) blue-team (1) bprt (2) browser (1) compromise (1) conferences (1) desktop-sso (1) device (2) dns (3) email (2) encryption (1) exchange (1) federation (2) forensics (1) gdpr (1) global-administrator (1) graph (1) groups (1) guest (2) hybrid-join (2) identity (2) inactive (1) insider (1) intune (1) join (2) logs (1) mailbox (1) mdm (1) mfa (6) office-365 (9) office365 (9) on-prem (2) onedrive (1) outsider (2) partner (2) password (1) persistence (1) phishing (2) planner (1) powershell (13) prt (5) pta (1) recon (2) reconnaissance (4) seamless-sso (1) security (30) sso (2) sync (1) synchronisation (1) t2 (1) talks (1) teams (3) user (1) virtual-machine (1)