Abusing Azure Active Directory at t2.fi 2019
On October 25th, I’ll be talking at t2.fi infosec conference in Helsinki. In this blog, I’ll tell what to expect in my Abusing Azure Active Directory: Who would you like to be today? presentation.
Abusing Azure Active Directory: Who would you like to be today?
The presentation description from the conference website:
Azure AD is used by Microsoft Office 365 and over 2800 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation and pass-through authentication. In this session, using AADInternals toolkit, I will demonstrate how to exploit these vulnerabilities to create backdoors, impersonate users, and bypass MFA.
So, what to expect?
Based on years of research, I’ll introduce three techniques to create backdoors to Azure AD/Office 365. I’ll also show how to create and use them with live demos using my AADInternals toolkit.
- Introduction to Azure AD identity options
- Creating a backdoor using pass-through authentication
- Creating a backdoor using Seamless Single-Sign-On (Requires AADInternals version 0.2.6)
- Creating a backdoor using identity federation
- Bypassing security boundaries with identity federation
New version of AADInternals
The new version of AADInternals (0.2.6) will be publicly available after the conference. It includes functionality to create spoofed Kerberos tokens, which in turn allows using Seamless SSO as a backdoor.