Overview
Dive into a comprehensive exploration of attack vectors and defense strategies for the Microsoft Cloud, focusing on Office 365 and Azure AD, in this 50-minute Black Hat presentation. Learn about common threats such as password spraying, DNS attacks, and breach replay, while discovering effective countermeasures including conditional access, multi-factor authentication, and robust password policies. Gain insights into cloud administration, app permissions, and monitoring techniques to enhance your organization's security posture. Although centered on Microsoft's ecosystem, many concepts apply to other cloud providers as well. Equip yourself with the knowledge to protect your cloud infrastructure and stay ahead of potential threats in this informative session presented by Sean Metcalf and Mark Morowczynski.
Syllabus
Introduction
Overview
DNS
Password Spraying
Cloud Administration
App Permissions
Conditional Access
Breach Replay
Password Hashing
MFA
Monitoring
TFS
Password Policy
Azure AD Ban Password Policy
Azure AD Domain Controllers
Password Spray
How to Block Password Spray
Authorization Rules
Blocking Legacy Authentication
Wrap Up
Taught by
Black Hat