BingBang - Hacking Bing.com with Azure Active Directory
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a groundbreaking Black Hat conference talk that unveils a novel technique for identifying Azure Active Directory (AAD) misconfigurations. Discover how a single checkbox led to bypassing authentication, altering search results, and launching XSS attacks on Bing.com users, compromising their Office 365 tokens. Learn about the innovative scanning method developed to remotely map AAD misconfigurations, revealing thousands of exposed applications across the internet. Gain insights into the potential vulnerabilities in cloud-managed environments and the far-reaching implications of seemingly minor configuration choices. Presented by Hillai Ben-Sasson, this 34-minute talk delves into the intricacies of cloud security, offering valuable lessons for cybersecurity professionals and organizations relying on Azure AD.
Syllabus
BingBang: Hacking Bing.com (and much more) with Azure Active Directory
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube