#HITBCW2021

Hack In The Box Security Conference
Microsoft worked hard to integrate Azure IaaS services and Office 365 products into one ecosystem. All permissions and roles are now centralized, which makes administration much simpler. From the attacker's perspective it is also great: they can abuse just a few simple APIs and reap the benefits across Office 365 products, IaaS services, and Azure Active Directory (AAD).
Currently, security research around Azure AD and Office 365 is lacking; only a few people and companies work in the field. Meanwhile, the myriad organizations that use Azure AD and Office 365 are not sufficiently aware of the potential misconfigurations caused by excessive privileges inside their organization.
In our session, we want to improve the state of research surrounding Azure AD.
First, we'll examine the theory behind Azure AD and clear up its core concepts. Users and groups, role definitions, role assignments, applications, and service principals all need to be differentiated. Then we'll examine the relations between these concepts.
After the theory and the concepts have been elucidated, we’ll take a deep dive into a number of privilege escalation techniques. We’ll demonstrate how each gives the attacker access to sensitive information. Among others, we’ll show you:
Attacks to gain control over different types of your Azure IaaS services, such as Azure VMs and databases
Attacks to gain complete control over your Azure AD tenant
Attacks to gain access to your Office 365 services
We won’t stop with just showing you what the attacker could do. To conclude, we’ll provide you with our mitigation recommendations and best practices for securing Azure AD.
===
Bill Ben Haim is an experienced information security researcher, skilled in red teaming and penetration testing. Prior to joining XM Cyber, he was the tech lead of the Internal Red Team group at Anheuser-Busch InBev. Before that, Bill worked at Ernst & Young, starting as an information security consultant and becoming the tech leader of the Advanced Security Center in Israel.
Bill is a great fan of bug bounty programs and has found vulnerabilities at the following companies: Imperva, Netflix, Netgear, General Motors, the U.S. Department of Defense and more.
Certifications: OSCP, OSCE
---
Zur Ulianitzky is an experienced information security researcher, skilled in red teaming and penetration testing. Prior to joining XM Cyber, he worked as an information security consultant at Ernst & Young. Before that, during his military service with the Israel Defense Forces, he served as a software engineer and team leader.
Certification: BSc in Software Engineering