Dive deep into the world of OAuth bearer tokens in this comprehensive 2-hour and 22-minute workshop from NorthSec. Explore the technical intricacies of Azure AD's OAuth implementation, focusing on the JWT standard, the various token types (access, identity, and refresh), and the methods for obtaining them. Examine the peculiarities of Family of Client IDs (FOCI) tokens and investigate different attack scenarios. Gain valuable insights into securing Microsoft cloud environments, including Azure AD and Microsoft 365, by understanding the role tokens play in proving identity and access rights. Enhance your ability to detect token abuse and improve overall security measures through hands-on learning experiences.
Syllabus
Tokens, everywhere!
Taught by
NorthSec