Azure B2C Zero-Day Exploit Chain - From Public Keys to Microsoft Bug Bounty

DEFCONConference via YouTube

Overview

Explore a comprehensive security conference talk detailing a complete exploit chain discovered in Azure B2C, from initial cryptographic vulnerability identification to achieving full account compromise across any tenant without authentication. Learn about the technical process of reverse engineering the cryptographic vulnerability and implementing a novel attack method for crypto key recovery. Understand the significant implications of this security flaw, which affected Microsoft's Azure B2C identity and access management service used by thousands of organizations, including government entities, professional societies, and commercial enterprises. Discover how this vulnerability impacted Microsoft's own Security Response Center (MSRC) portal, potentially exposing sensitive information about undisclosed zero-day vulnerabilities submitted through Microsoft's bug bounty programs.

Syllabus

DEF CON 31 - Azure B2C 0Day - An Exploit Chain from Public Keys to Microsoft Bug Bounty - John Novak

Taught by

DEFCONConference
