In cloud-managed environments, exposing one of your most sensitive assets to external attackers can be as simple as clicking a checkbox. This was the case for Bing.com with their Azure Active Directory (AAD) integration, where a single misconfiguration enabled us to bypass authentication, alter search results, and launch XSS attacks on its users stealing their Office 365 tokens. However, Bing was not an isolated case. By inventing a new scanning technique to remotely map AAD misconfigurations, we identified thousands of exposed applications across the internet.
In this talk, we will present our novel technique for hunting misconfigurations on Azure AD, one of the most common Identity Providers on the internet....
By: Hillai Ben-Sasson
Full Abstract and Presentation Materials: www.blackhat.com/us-23/briefi...