Writing Your Own Ticket to the Cloud Like APT - A Deep Dive to AD FS Attacks, Detections, and Mitigations

Dive into a comprehensive exploration of Azure Active Directory (Azure AD) security in this 42-minute Black Hat conference talk. Examine the vulnerabilities associated with identity federation and Microsoft Active Directory Federation Services (AD FS) in cloud environments. Learn about potential attack vectors, including manipulation of Security Assertion Markup Language (SAML) tokens and exploitation of token-signing certificates. Discover techniques used by advanced persistent threats (APTs) to gain unauthorized access to federated resources. Explore various attack methods such as namepipe connections, .NET reflection, PowerShell exploitation, and remote key manipulation. Gain insights into detection strategies and essential mitigations to protect your organization's cloud infrastructure. Equip yourself with the knowledge to strengthen your Azure AD security posture and defend against sophisticated cloud-based attacks.

Introduction
Namepipe Connections
Dotnet Reflection
Powershell
Synchronization
Network Connection
Key
Remote Method
Mitigations