Abusing Azure Active Directory at t2.fi 2019

Abusing Azure Active Directory at t2.fi 2019

On October 25th, I’ll be talking at t2.fi infosec conference in Helsinki. In this blog, I’ll tell what to expect in my Abusing Azure Active Directory: Who would you like to be today? presentation.

Abusing Azure Active Directory: Who would you like to be today?

The presentation description from the conference website:

Azure AD is used by Microsoft Office 365 and over 2800 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation and pass-through authentication. In this session, using AADInternals toolkit, I will demonstrate how to exploit these vulnerabilities to create backdoors, impersonate users, and bypass MFA.

So, what to expect?


Based on years of research, I’ll introduce three techniques to create backdoors to Azure AD/Office 365. I’ll also show how to create and use them with live demos using my AADInternals toolkit.

Presentation includes:

New version of AADInternals

The new version of AADInternals (0.2.6) will be publicly available after the conference. It includes functionality to create spoofed Kerberos tokens, which in turn allows using Seamless SSO as a backdoor.

Dr Nestori Syynimaa (@DrAzureAD) avatar
About Dr Nestori Syynimaa (@DrAzureAD)
Dr Syynimaa works as Principal Identity Security Researcher at Microsoft Security Research.
Before his security researcher career, Dr Syynimaa worked as a CIO, consultant, trainer, and university lecturer for over 20 years. He is a regular speaker in scientific and professional conferences related to Microsoft 365 and Entra ID (Azure AD) security.

Before joining Microsoft, Dr Syynimaa was Microsoft MVP in security category and Microsoft Most Valuable Security Researcher (MVR).