Overview
Explore the journey of discovering 365 valid bugs in Microsoft Office 365 applications in this 45-minute conference talk from the Hack In The Box Security Conference. Delve into the security vulnerabilities found in the world's productivity cloud, used by millions of companies and billions of users worldwide. Learn about bounty award-winning bugs, including cross-tenant privacy leaks, Power Apps Portals vulnerabilities, SQL injection, CSRF, and SSRF in Dynamics 365, privilege escalation issues in SharePoint Online, XSS vulnerabilities in Outlook, and rate limiting problems. Gain insights into XSS issues discovered across various Microsoft 365 services, including Admin Centre, OneDrive, Word, Excel, PowerPoint, OneNote, Yammer, Microsoft Forms, Kaizala, Stream, Video 365, Azure, and Security & Compliance services. Discover valuable tips and tricks for staying ahead in testing new and upcoming Office 365 features, presented by Ashar Javed, a seasoned security engineer and researcher recognized as a top contributor to Microsoft's Security Response Center.
Syllabus
#HITBCyberWeek D2T2 - The Road Towards 365 Bugs in Microsoft Office 365
Taught by
Hack In The Box Security Conference