Learn about critical security vulnerabilities in Microsoft SharePoint Online (SPO) and connected Microsoft services in this DEF CON 31 conference presentation. Explore how migration APIs intended for transferring data between on-premises and cloud environments can be exploited by threat actors to compromise system integrity. Discover the technical details of how regular users can leverage SharePoint's Granular Backup feature to spoof content, tamper with existing files, and execute XSS attacks across Microsoft's online ecosystem. Gain insights into elevation-of-privilege attack vectors that can impact Azure Active Directory and other Microsoft cloud services through SPO's backend file storage role in Microsoft 365 Groups, OneDrive, and Teams.
Breaking Microsoft Teams and SharePoint Through Migration APIs
Overview
Syllabus
DEF CON 31 - From Feature to Weapon Breaking Microsoft Teams and SharePoint - Nestori Syynimaa
Taught by
DEFCONConference
Related Courses
-
Migrating Your Content to SharePoint Online and OneDrive for Business
-
PowerShell for Microsoft 365
-
Office 365 Migration
-
MS-101 Explore security metrics in Microsoft Defender XDR
-
Manage identity and access in Microsoft 365
-
Abusing Mixed Vendor Kerberos Stacks - Exploiting Windows AD and Linux Authentication
