Attacking and Defending the Microsoft Cloud - Office 365 & Azure AD

Dive into a comprehensive exploration of attack vectors and defense strategies for the Microsoft Cloud, focusing on Office 365 and Azure AD, in this 50-minute Black Hat presentation. Learn about common threats such as password spraying, DNS attacks, and breach replay, while discovering effective countermeasures including conditional access, multi-factor authentication, and robust password policies. Gain insights into cloud administration, app permissions, and monitoring techniques to enhance your organization's security posture. Although centered on Microsoft's ecosystem, many concepts apply to other cloud providers as well. Equip yourself with the knowledge to protect your cloud infrastructure and stay ahead of potential threats in this informative session presented by Sean Metcalf and Mark Morowczynski.