Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

My Cloud is APT's Cloud - Investigating and Defending Office 365

Black Hat via YouTube

Overview

Explore the increasing threat landscape of Microsoft Office 365 in this 41-minute Black Hat conference talk. Investigate how attackers are targeting cloud services, particularly Office 365, which has become the dominant email platform for enterprises worldwide. Delve into the various components of Office 365, including Exchange, Teams, SharePoint, and OneDrive, and understand why the vast amount of data stored in these services makes them attractive targets for threat actors. Learn about authentication types, the Unified Log, and the attack lifecycle through real-world case studies. Discover effective defense strategies, including conditional access, Azure Active Directory protection, and safeguarding against sophisticated techniques like GoldSAML attacks, mail forwarding rules abuse, and eDiscovery exploitation. Gain valuable insights from security experts Doug Bienstock and Josh Madeley on investigating and defending Office 365 environments against advanced persistent threats.

Syllabus

Intro
Meet Josh
Agenda
Authentication
Authentication Types
Unified Log
Attack Lifecycle
Case Studies
First Case Study
Second Case Study
How can we stop this
Persistence
Conditional Access
Sophistication
Azure Active Directory
GoldSaml
Mail Forwarding Rules
Rights Delegation
Mail Flow Transport Rules
Graph API
EDiscovery Abuse
Closing Thoughts
Questions

Taught by

Black Hat

Reviews

Start your review of My Cloud is APT's Cloud - Investigating and Defending Office 365

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.