Cloudy with a Chance of APT - Novel Microsoft 365 Attacks in the Wild
Offered By: Black Hat via YouTube
Course Description
Overview
Explore novel techniques used by APT groups to persistently access and extract data from Microsoft 365 in this 45-minute Black Hat conference talk. Gain insights into the technical underpinnings of these attacks, including disabling security features, manipulating mailbox folder permissions, and exploiting application vulnerabilities. Learn about potential extensions of these techniques and prepare your organization for emerging threats. Discover how attackers abuse app registrations, perform key derivation, and execute enterprise application hijacking. Understand the motivations behind these attacks and equip yourself with the knowledge to detect and mitigate these advanced persistent threats in cloud environments.
Syllabus
Intro
What's Going On?
Disabling Security Features
Mailbox Folder Permissions
Common Permissions
Detection
Types of Applications
Application Permissions
Secrets and Certificates
Enterprise Application Hijacking
Abuse of App Registrations
Key Derivation
Farmville
Replicating
Why?
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube