Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD) 

Conference:  BlackHat USA 2019

2019-08-07

Summary

The presentation covers attacking and defending the Microsoft Cloud (Office 365 & Azure AD): it explores the most common attacks against the Cloud and describes effective defenses and mitigation.
  • The allure of the Cloud is indisputable, and organizations are moving into the cloud at a rapid pace.
  • Key items covered include attacks against the Cloud, account compromise and token theft, methods to detect attack activity, cloud identity firewall, securing cloud infrastructure against attacks, and secure cloud administration.
  • An anecdote is given about a fictional company, Acme, how they moved to the cloud, and the potential security risks they face.

The presentation introduces a fictional company, Acme, which is the largest manufacturer and distributor of anvils in the world. Acme is considering moving its business to the cloud but is unsure whether that is the right thing to do or how to get started. The presentation discusses the potential security risks that Acme and other companies face when moving to the cloud.

Abstract

The allure of the "Cloud" is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and resources. The Cloud is a new paradigm and the rapid update pace makes it difficult to keep up, especially when it comes to security. This presentation focuses on the Microsoft Cloud (Office 365 & Azure AD) and explores the most common attacks against the Cloud and describes effective defenses and mitigation. While the content is focused on the Microsoft Cloud, some of the attack and defense topics are applicable to other cloud providers and are noted where applicable.

Key items covered:
  • Attacks against the Cloud
  • Account compromise and token theft
  • Methods to detect attack activity
  • Cloud identity firewall
  • Securing cloud infrastructure against attacks
  • Secure cloud administration
