Overview
Learn about critical security vulnerabilities in Microsoft SharePoint Online (SPO) and connected Microsoft services in this DEF CON 31 conference presentation. Explore how migration APIs intended for transferring data between on-premises and cloud environments can be exploited by threat actors to compromise system integrity. Discover the technical details of how regular users can leverage SharePoint's Granular Backup feature to spoof content, tamper with existing files, and execute XSS attacks across Microsoft's online ecosystem. Gain insights into elevation-of-privilege attack vectors that can impact Azure Active Directory and other Microsoft cloud services through SPO's backend file storage role in Microsoft 365 Groups, OneDrive, and Teams.
Syllabus
DEF CON 31 - From Feature to Weapon Breaking Microsoft Teams and SharePoint - Nestori Syynimaa
Taught by
DEFCONConference