May 19 10:00 AM EDT
Workshops are first-come, first-serve and have limited capacity. Some workshops may be streamed for additional passive participation.
The whole Microsoft cloud offering, including Azure AD and Microsoft 365, is based on the use of OAuth bearer tokens. The purpose of the token is simple: it proves the identity and the access rights of its bearer.
This workshop is a hands-on deep-dive to technical details of Azure AD’s implementation of OAuth standard. We’ll cover the JWT standard, different token types (access, identity, and refresh) and various ways of obtaining them, peculiarities of Family of Client Id (FOCI) tokens, and of course, different attack scenarios.
Attendees will learn the technical details of Azure AD OAuth implementation, helping them to secure their environments better and detect abuse of tokens.
Participants should prepare by:
Familiarity with Burp or Fiddler, http traffic, general web technologies
Participants must have the following equipment:
A computer (VM will do) with Burp or Fiddler + ability to run AADInternals (or script language of their choise)
Dr Nestori Syynimaa Senior Principal Security Researcher, Secureworks CTU
Dr Nestori Syynimaa is one of the leading Azure AD / M365 experts in the world and the developer of the AADInternals toolkit. He has worked with Microsoft cloud services for over a decade and has been MCT since 2013, MVP since 2020, and awarded Microsoft Most Valuable Security Researcher for 2021. Currently, Dr Syynimaa works as a Senior Principal Security Researcher for Secureworks Counter Threat Unit. Before moving to his current position, Dr Syynimaa worked as a CIO, consultant, trainer, researcher, and university lecturer for almost 20 years.
Dr Syynimaa has spoken in many international scientific and professional conferences, including IEEE TrustCom 2018, Black Hat Arsenal USA 2019, Black Hat Arsenal Europe 2019 and 2021, and RSA Conference 2022