Abusing Azure Active Directory: From MFA Bypass to Listing Global Administrators

The majority of Fortune 500 organizations use Azure Active Directory (Azure AD) as their Identity and Access Management (IAM) solution. The high adoption rate makes Azure AD a lucrative target for threat actors, including state-sponsored actors like APT29/Nobelium.
Azure AD is leveraging Microsoft's not-so-well-documented Evolved Security Service (eSTS). eSTS hides multiple security token services so that users see only Azure AD.....
By: Sravan Akkaram, Nestori Syynimaa (DrAzureAD)
Full Abstract and Presentation Materials:
www.blackhat.com/asia-23/brie...
