Explore a comprehensive conference talk that delves into the dual nature of Entra ID's Administrative Units (AUs) in Azure security. Learn how AUs function as both a defensive tool for scoping Entra ID role assignments and a potential vector for attackers seeking quiet persistence in Azure tenants. Discover the mechanisms through which obscure parameters can conceal AU membership and how restrictions can prevent the removal of malicious accounts. Follow along as Security Researcher Katie Knowles from Datadog examines Azure permissions, Entra ID role assignment, and demonstrates scenarios where AUs can be exploited for privileged tenant persistence. Gain valuable insights into detection methods, remediation strategies, and understand the implications of these double-edged administrative features. Access practical examples through Stratus Red Team, which accompanies this presentation with emulation techniques for hands-on learning.
Overview
Syllabus
Hidden in Plain Sight: (Ab)using Entra's AUs ~ Katie Knowles
Taught by
fwd:cloudsec
Related Courses
-
Azure Identity and Access Fundamentals
-
SC-5008: Configure and Manage Entitlement with Microsoft Entra ID (Live Online)
-
Configure and govern entitlement with Microsoft Entra ID
-
MD-102 Explore endpoint management
-
Configuring Microsoft Azure Active Directory Privileged Identity Management
-
Develop a security and compliance plan
