Explore the journey of discovering 365 valid bugs in Microsoft Office 365 applications in this 45-minute conference talk from the Hack In The Box Security Conference. Delve into the security vulnerabilities found in the world's productivity cloud, used by millions of companies and billions of users worldwide. Learn about bounty award-winning bugs, including cross-tenant privacy leaks, Power Apps Portals vulnerabilities, SQL injection, CSRF, and SSRF in Dynamics 365, privilege escalation issues in SharePoint Online, XSS vulnerabilities in Outlook, and rate limiting problems. Gain insights into XSS issues discovered across various Microsoft 365 services, including Admin Centre, OneDrive, Word, Excel, PowerPoint, OneNote, Yammer, Microsoft Forms, Kaizala, Stream, Video 365, Azure, and Security & Compliance services. Discover valuable tips and tricks for staying ahead in testing new and upcoming Office 365 features, presented by Ashar Javed, a seasoned security engineer and researcher recognized as a top contributor to Microsoft's Security Response Center.
Overview
Syllabus
#HITBCyberWeek D2T2 - The Road Towards 365 Bugs in Microsoft Office 365
Taught by
Hack In The Box Security Conference
Related Courses
-
Prepare security and compliance to support Microsoft 365 Copilot
-
Prepare for Copilot for Microsoft 365: Part 3 – Threat protection
-
Website Hacking / Penetration Testing
-
MS-500 part 4: Manage Governance and Compliance Features in Microsoft 365
-
Popular Web Attacks - XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and More
-
Microsoft Defender for Office 365 Evasion - The Story of Confirmed Vulnerability
