The whole Microsoft cloud offering, including Azure AD and Microsoft 365, is based on the use of OAuth bearer tokens. The purpose of the token is simple: it proves the identity and the access rights of its bearer.
This workshop is a hands-on deep-dive to technical details of Azure AD’s implementation of OAuth standard. We’ll cover the JWT standard, different token types (access, identity, and refresh) and various ways of obtaining them, peculiarities of Family of Client Id (FOCI) tokens, and of course, different attack scenarios.
Attendees will learn the technical details of Azure AD OAuth implementation, helping them to secure their environments better and detect abuse of tokens.
Participants should prepare by:
Familiarity with Burp or Fiddler, http traffic, general web technologies
Participants must have the following equipment:
A computer (VM will do) with Burp or Fiddler + ability to run AADInternals (or script language of their choise)