Главная
Study mode:
on
1
Intro
2
Resources
3
Resource Group
4
Management Groups
5
Architecture Example
6
Azure Resource Manager Role Based Access Control (RBAC)
7
Azure Active Directory (AAD) Fundamentals
8
Application API Access
9
Applications & Service Principals Authentication
10
Azure Active Directory Roles
11
Gaining Foothold - AD Connect Abuse
12
Internal Reconnaissance Phase
13
Azure Active Directory Role Assignment Enumeration
14
Azure Application Registration Graph App Roles Permissions
15
Attack Scenarios
16
Azure Command Line Tools
17
From Azure Active Directory to the Resource Manager
18
User Updates Application Secret
19
from Resource Manager to Azure Active Directory
20
Azure Function App - Architecture
21
List Function App Host Keys
22
OneDrive App Registration App Roles Permission
23
From one on-prem Machine to Another on- prem Machine
24
Prerequisites
25
Azure Tokens
26
Reset Application Password
27
Enumerating the Intune Application Permissions
28
Intune App graph app role permissions
29
Intune Script Creation
30
Assign Intune Script to a Group
31
Best Practice - Logs Logs Logs
32
Least Privilege Concept
33
Azure Resource Manager RBAC Permissions - Least Privilege
34
Privileged Identity Management - PIM
35
Azure Active Directory Identity Protection
36
Conditional Access
37
XMGoat - Compromise the Subscription
Description:
Explore attack scenarios exploiting Azure Active Directory in this comprehensive conference talk from HITB Cybersecurity Week 2021. Delve into the integration of Azure IaaS services and Office 365 products, examining how centralized permissions and roles can be exploited. Learn about core Azure AD concepts, including users, groups, role definitions, assignments, applications, and service principals. Discover various privilege escalation techniques that grant attackers access to sensitive information, Azure IaaS services, and Office 365. Gain insights into attacks that can lead to full control over Azure AD tenants and IaaS services. Conclude with mitigation recommendations and best practices for securing Azure AD, equipping you with essential knowledge to protect your organization's cloud infrastructure.

Attack Scenarios Abusing Azure Active Directory

Hack In The Box Security Conference
Add to list
#Conference Talks #Hack In The Box Security Conference #Information Security (InfoSec) #Penetration Testing #Programming #Cloud Computing #Microsoft Azure #Azure Active Directory #Computer Science #Role-Based Access Control #Cybersecurity #Privilege Escalation #Azure Security
1 of 37

Intro