All You Need is Guest
Azure AD guest accounts are widely used to grant external parties limited access to enterprise resources, with the assumption that these accounts pose little security risk. As you’re about to see, this assumption is dangerously wrong.
In this talk, we will show how guests can leverage undocumented APIs to bypass limitations and gain unauthorized access to sensitive business data and capabilities including corporate SQL servers, SharePoint sites, and KeyVault secrets....
By: Michael Bargury
Full Abstract and Presentation Materials:
#all-you-need-is-guest-32647
4 days ago 00:04:46 0
5 days ago 00:05:10 0
6 days ago 00:03:36 1
1 week ago 00:02:07 1
1 week ago 00:03:54 0
1 week ago 00:05:11 8
1 week ago 00:03:45 2
1 week ago 00:13:18 0
1 week ago 00:00:13 0
1 week ago 00:01:53 2
2 weeks ago 00:02:14 13
2 weeks ago 00:03:19 0
2 weeks ago 00:02:11 1
2 weeks ago 00:00:00 8
2 weeks ago 00:12:47 2
2 weeks ago 00:03:30 0
2 weeks ago 00:03:15 0
2 weeks ago 01:26:15 4
2 weeks ago 00:03:37 0
3 weeks ago 00:01:07 9
3 weeks ago 00:03:41 7
3 weeks ago 00:08:54 1
3 weeks ago 00:14:02 1
3 weeks ago 00:03:32 0
