Eric Woodruff
UnOAuthorized: The discovered path to privilege elevation to Global Administrator
slides: romhack.io/wp-...
For customers of Microsoft 365 and Azure, obtaining the Global Administrator (GA) role is every attacker's dream: it is the Domain Administrator of the cloud. By the same token, Global Administrator is every organization's nightmare, because a threat group or lone attacker who holds it owns the tenant. Luckily, well-defined role-based access control and a strict application consent model can severely limit who gets their fingers on Global Administrator - or do they?
This talk explores a novel discovery that resulted in privilege elevation to Global Administrator in Entra ID (formerly Azure AD), found in a place and through a path that were least expected. Part conversation about the research background and part discussion of the foundational components involved, the talk walks step by step through the path to privilege elevation and obtaining Global Administrator. While Microsoft has resolved the underlying vulnerability, the talk also covers the markers organizations can look for to determine whether they were targeted by this abuse.
romhack.io/rom...