The SaaS RootKit: A New Attack Vector for Hidden Forwarding Rules in O365

Conference: RSA Conference 2022

2022-06-06

Abstract

Researchers detected a new SaaS vulnerability within Microsoft’s OAuth application registration. Through this vulnerability, anyone can leverage Exchange’s legacy API to create hidden forwarding rules in O365 mailboxes. This talk will demo the OAuth registration process in Microsoft as well as the use of the new vulnerability.
