DeepSec 2020 Talk: Abusing Azure Active Directory: Who Would You Like To Be Today? – Dr. Nestori Syynimaa
This will be one of the few online talks held at DeepSec. Dr. Nestori Syynimaa covers the wonderful world of Azure AD and third-party code.
Azure AD is used by Microsoft Office 365 and over 2900 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation, pass-through authentication, and seamless single-sign-on. In this session, using AADInternals PowerShell module, I’ll demonstrate the exploitation of these vulnerabilities to create backdoors, impersonate users, and bypass MFA. The purpose of this session is to raise awareness of the importance of the principle of least privilege and the role of on-prem security to cloud security.
Please tell us the most important facts about your talk.
- Azure AD acts as an identity provider for many cloud services
- To protect identities, you must protect Azure AD
- There are several ways a rogue admin can create backdoors to Azure AD
- To protect cloud, you need to protect your on-prem too
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
In my previous job I worked as trainer for Office 365 admin courses (I’m still MCT). When preparing one course, I found a way to create a backdoor to Azure AD. Microsoft did not consider that to be a vulnerability and they refused to fix it. After this, I made a decision to study further and share my findings with the community (after reporting everything to Microsoft).
Why do you think this is an important topic?
The whole security aspect of Microsoft cloud services is very complex. With wrong design choices, the security borders can be breached. By increasing the awareness of what harm can be done (and how), organisations can better protect their environments.
Is there something you want everybody to know – some good advice for our readers maybe?
In the live sessions I only do live demos! So, while attending my session, there is a great chance for you to be a part of the presentation.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
As the cloud is a separate environment to current on-prem environment, all extra credentials etc. are hindering the use of cloud services. Therefore the service providers are making things easier for end-users by providing solutions like single-sign-on and identity synchronisation. Unfortunately, these are making the cloud security more complex and less secure. I anticipate that the complexity will be increasing in the future.
Dr Nestori Syynimaa is one of the leading Office 365 experts in the world and the developer of AADInternals toolkit. He has worked with Microsoft cloud services over a decade and has been MCT since 2013. Currently, Dr Syynimaa works as a CIO for eight cities and municipalities in Finland and runs his own consulting business. Before moving to his current position, Dr Syynimaa worked as a consultant, trainer, researcher, and university lecturer for almost 20 years.
Dr Syynimaa has been speaking at many international scientific and professional conferences, including IEEE TrustCom 2018, TechMentor Orlando 2017 & 2018, TechMentor Seattle 2018, and Black Hat USA & Europe 2019.