Researchers detected a new SaaS vulnerability within Microsoft’s OAuth application registration. Through this vulnerability, anyone can leverage Exchange’s legacy API to create hidden forwarding rules in O365 mailboxes. This talk will demo the OAuth registration process in Microsoft as well as the use of the new vulnerability.


RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

The SaaS RootKit: A New Attack Vector for Hidden Forwarding Rules in O365

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Defending against chained attacks on your SSO/OAuth identity system

Preventing Authentication Bypass: A Tale of Two Researchers

Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear

He Said, She Said – Poisoned RDP Offense and Defense

From Security Testing To Deployment In a Single PR

Preventing subdomain takeover with OWASP Domain Protect