Make Your Data Work For You
Office365 from a Hacker's perspective
Real life threats, tactics and remedies
Ben Menesi
New York, NY
27th 07 2019
Speaker
• Ben Menesi
– VP Products & Innovation at panagenda
– Started out in the IBM world
– SharePoint & Exchange Admin & Dev
– Certified Ethical Hacker v9 and OSCP student
– Enjoys breaking things
– Speaker at IT events around the globe (SPS Toronto, Calgary, Geneva, Cambridge)
– Owns a bar (recently) @BenMenesi
panagenda
• Who we are
– HQ in Vienna, Austria
– Offices in Boston, Austria, Germany, The Netherlands and Australia
– >1M user licenses across over 80 countries
panagenda
• What we do: OfficeExpert
• Quality of Service monitoring using bots
• Teams Analytics
Our product: OfficeExpert
• Teams cluster analytics: who’s talking to whom?
OfficeExpert
• Teams analytics: Storage Impact
OfficeExpert
• Teams analytics: Activity & Adoption
Agenda
• What we'll cover today
– Ransomware Attacks
– Email security
– Multi-Factor Authentication
– Illicit Consent Grants
Statistics
• Some numbers from the field
– Verizon's 2017 & 2018 Data Breach Investigations Report: 53,000 incidents & 2,216 data breaches
– 58% of victims are businesses with < 1000 employees (62% in 2017)
– 92% of malware vectors: email (6.3% web, 1.3% other)
– 68% of breaches took months(!!!) to discover
On-Prem. vs. Cloud Security
• Benefits of your data in the cloud
– Broader scope of threat intelligence
– Larger and more specialized security muscle than most SMBs
– Fast and instant delivery (no manual patching required)
On-Prem. vs. Cloud Security
• Disadvantages of using cloud services
– Vulnerability / risk mitigation is out of our control
– Part of a larger, very attractive attack surface
– Less flexibility in customizing defenses
Vulnerability Mitigation
• Practical example
– Basestriker attack: gets around Microsoft's ATP SafeLinks by leveraging the <base> tag:
– Traditional way to embed URLs in a phishing email:
– Using the <base> tag:
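As an added example that is not part of the deck: a small PowerShell function that resolves every link in an email body the way the recipient's mail client would, so a `<base href>` that rewrites relative links is seen by a URL check rather than slipping past it. The sample message and the host names in it are constructed placeholders.

```powershell
# Added example (not from the deck). Resolve <a href> values against a <base href>,
# mimicking what the mail client does, before any SafeLinks-style allow/deny check runs.
function Get-EffectiveLinks {
    param([Parameter(Mandatory)][string]$Html)

    # Same attribute pattern for <base> and <a>; '' inside a single-quoted string is one quote.
    $hrefPattern = '<{0}\b[^>]*?\bhref\s*=\s*["'']?([^"''\s>]+)'
    $baseMatch   = [regex]::Match($Html, ($hrefPattern -f 'base'), 'IgnoreCase')
    $base        = if ($baseMatch.Success) { [uri]$baseMatch.Groups[1].Value } else { $null }

    foreach ($m in [regex]::Matches($Html, ($hrefPattern -f 'a'), 'IgnoreCase')) {
        $raw = $m.Groups[1].Value
        $isAbsolute = [uri]::IsWellFormedUriString($raw, 'Absolute')
        # A relative href only becomes a real destination once combined with the base URL;
        # the Uri(base, relative) constructor returns an absolute href unchanged.
        $resolved = if ($base) { (New-Object System.Uri -ArgumentList $base, $raw).AbsoluteUri } else { $raw }
        [pscustomobject]@{
            RawHref         = $raw
            Resolved        = $resolved
            RewrittenByBase = [bool]($base -and -not $isAbsolute)
        }
    }
}

# Constructed sample: the visible link looks relative and harmless; the <base> decides where it goes.
$sampleMail = @'
<html><head><base href="https://example-landing.invalid/"></head>
<body><p>Please review the <a href="shared/Invoice.pdf">attached invoice</a>.</p>
<p>Or open it on <a href="https://docs.example.com/Invoice.pdf">our portal</a>.</p></body></html>
'@

Get-EffectiveLinks -Html $sampleMail | Format-Table -AutoSize
# Feed the Resolved column (never RawHref) into your URL reputation or allow/deny lookup.
```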
Vulnerability Mitigation
• Vulnerability Lifecycle
– 02.05.2018: Microsoft alerted by Avanan
– 02.05.2018: Proofpoint alerted by Avanan
– 16.05.2018: Microsoft fixes the vulnerability
– 14 days from report to fix
Ransomware
Ransomware Attacks
• Why are they so important?
– DOJ statistics: 1,000 attacks / day in 2015, 4,000 attacks / day in 2017
– WannaCry: 150 countries, estimated at $4B
– NotPetya: $250-300M for Maersk alone, $1.2B in total revenue
– 54% of companies experienced one or more successful attacks
– Total cost of a successful cyber attack is over $5M or $301 / employee
Ransomware Attacks
• How do they spread?
– 60% of ransomware attacks come from infected emails BUT:
– Also vulnerable (application) servers
– Example: city of Atlanta hit by SamSam (originally discovered in 2016) in 2018
– Malware infection likely through SMBv1 open on a web server
– Aftermath: $2.6M cost
Decrypting Ransomware
• Cautionary tale: Herrington & Company gets ransomwared
– Engages a data recovery company to retrieve the data
– DR company quotes $6000 to recover the data
– Data recovery is WAY too fast
– FBI confirms that PDR indeed paid the ransom to decrypt the victim's files
– https://pbs.twimg.com/media/DbfP0G7WAAEWQIa.jpg:large
• How do we prevent ransomware?
Ransomware Protection
• Microsoft introduced Files Restore for OneDrive
– Allows you to restore an entire OneDrive account to a previous point in time within 30 days
– Monitors file assets and notifies you if an attack is detected
Ransomware Protection
• Careful!
– Real-time notification might not be as accurate as we think
– AxCrypt encryption on OneDrive files stays under the radar
– Ransomware prevention: have users store important data in OneDrive
Email & Sharing
• Email Encryption: end-to-end encryption
• Prevent Forwarding: restrict email recipients from forwarding or copying emails you send (plus: attached MS Office docs are encrypted even after downloading)
• What happens if the recipient is outside your organization:
Email Encryption
• OME: automatically enabled
Email Encryption
• Revoking Encrypted Messages
– This one is thanks to Al Hoitingh: https://alberthoitingh.com/2018/12/20/ome-message-revocation/
– Encrypted status means: email & content didn't leave the perimeter.
– You can use Message Trace to locate the outgoing mail and then use PowerShell to:
– Query the OME status: Get-OMEMessageStatus -MessageId "<message id>"
– Set the message as revoked: Set-OMEMessageRevocation -Revoke $true -MessageId "<message id>"
Email Encryption
• Revoking Encrypted Messages
– Because the data never left the perimeter, it's the 'link' that's broken at the moment of revocation, and the recipient will get this:
Email Encryption
Illicit Consent Grants
• In the light of the Facebook Cambridge Analytica scandal, we should take a look at Azure AD registered applications
• Phishing campaigns could trick users into granting access to applications
• https://blogs.technet.microsoft.com/office365security/defending-against-illicit-consent-grants/
• Exploit first demonstrated by Kevin Mitnick
Illicit Consent Grants
• Exploit Scenario
– Demo
– Infrastructure: User, Apache Web Server, Hacker
• Exploit Scenario: Let's dive in!
Illicit Consent Grants
• Exploit Scenario
– User receives a legit-looking email
– Picks an account to authenticate
– Presented with permissions that need user consent only
– All mails are encrypted
– … and this is just one of many possibilities
• Exploit Scenario: Infrastructure – a bit more detail
Illicit Consent Grants
• Consent is key
– Why build integrated applications?
– Using various APIs, you can grant apps access to your tenant data:
  – Mail, calendars, contacts, conversations
  – Users, groups, files and folders
  – SharePoint sites, lists, list items
  – OneDrive items, permissions and more
– Integration: Azure AD provides secure sign-in and authorization
  – Developer registers the application with Azure AD
  – Assigns permissions to the application
  – Tenant administrator / user must consent to the permissions
Digital #metoo era
• Registering the application
– Who can register applications in your tenant?
– By default: any member! This can be a security issue
– Keep in mind: there is a record of what data was shared with which application. Also: when a user adds / allows an application to access their data, the event can be audited (Audit reports)
– See more: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added#who-has-permission-to-add-applications-to-my-azure-ad-instance
Azure AD Applications
• Authorization Flow: OAuth2 / OpenID
Azure AD Applications
• Authorization flow: let's simplify
– User consents to the permissions required by the app
– Application asks for authorization from Azure AD
– Azure AD makes the user sign in and returns a code to the application
– Application uses the code to retrieve a JWT bearer token to use the resource (Microsoft Graph API)
– Keep in mind: JWT doesn't authenticate, only authorizes!
Azure AD Applications
• Preventing illicit consent grants
– Regular application & permission enumeration
– Cloud App Security
– Educating users
– Application registration & consent restriction
• Remedy: Restricting app registrations
– Azure Portal > Azure Active Directory > User Settings
Azure AD Applications
• Remedy: Restricting consent grants
– Azure Portal > Azure Active Directory > User Settings
– Watch out! This means that all application consent will be REQUIRED to be done by Global Admins
Azure AD Applications
• Remedy: Enumerating apps and permissions
– Enumeration using PowerShell:
– Install the AzureAD PowerShell module: launch PowerShell ISE as an Administrator and run Install-Module AzureAD
– Connect to Azure AD: Connect-AzureAD
– Use the PowerShell script: https://gist.github.com/psignoret/41793f8c6211d2df5051d77ca3728c09
– Example: .\Get-AzureADPSPermissions.ps1 | Export-Csv -Path "permissions.csv" -NoTypeInformation
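Added example, not the Gist's code and not from the deck: a PowerShell query over the tenant's delegated OAuth2 permission grants that flags the scopes a consent-phishing app would ask for, together with who consented. It assumes the AzureAD module is installed and Connect-AzureAD has been run; the $riskyScopes list is an assumption to tune for your tenant.

```powershell
# Added example (not from the deck or the linked Gist). Lists delegated OAuth2 grants
# whose scopes would let a third-party app read or send mail and files, i.e. the
# permissions the consent-grant scenario above relies on. Assumes Connect-AzureAD has
# already been run. The scope list is an assumption: extend it for your tenant.
$riskyScopes = @('Mail.Read', 'Mail.ReadWrite', 'Mail.Send', 'Contacts.Read',
                 'Files.Read.All', 'Files.ReadWrite.All', 'Sites.Read.All', 'offline_access')

# Resolve service principal ids to names once instead of once per grant.
$spById = @{}
foreach ($sp in Get-AzureADServicePrincipal -All $true) { $spById[$sp.ObjectId] = $sp }

function Get-RiskyConsentGrants {
    foreach ($grant in Get-AzureADOAuth2PermissionGrant -All $true) {
        $scopes = @($grant.Scope -split '\s+' | Where-Object { $_ })
        $hits   = @($scopes | Where-Object { $riskyScopes -contains $_ })
        if ($hits.Count -eq 0) { continue }

        $client = $spById[$grant.ClientId]
        # ConsentType 'AllPrincipals' = an admin consented for everyone;
        # 'Principal' = a single user consented for their own data.
        $grantedBy = if ($grant.ConsentType -eq 'AllPrincipals') {
            'ALL USERS (admin consent)'
        } else {
            try { (Get-AzureADUser -ObjectId $grant.PrincipalId).UserPrincipalName }
            catch { "unknown user $($grant.PrincipalId)" }
        }

        [pscustomobject]@{
            Application = $client.DisplayName
            AppId       = $client.AppId
            Publisher   = $client.PublisherName
            ConsentType = $grant.ConsentType
            GrantedBy   = $grantedBy
            RiskyScopes = ($hits -join ' ')
        }
    }
}

$findings = Get-RiskyConsentGrants
$findings | Sort-Object Application, GrantedBy | Format-Table -AutoSize
# Keep the export: it is the "what data was shared with which application" record the slides mention.
$findings | Export-Csv -Path 'risky-consent-grants.csv' -NoTypeInformation
```

An unfamiliar publisher holding Mail.Read or Files.ReadWrite.All via a 'Principal' grant is the pattern to follow up on; revoking the grant in the Azure portal invalidates the app's refresh tokens for that user.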
Azure AD Applications
• Remedy: Enumerating apps and permissions
– What you get:
Azure AD Applications
• Remedy: Enumerating apps and permissions
– Gotcha: won't show redirect URLs!
– Requires AzureRM.Resources and Connect-AzureRMADAccount:
Azure AD Applications
• Remedy: Searching your Audit Logs
– Use the 'consent' string to filter
Azure AD Applications
• Remedy: Cloud App Security
– Create an OAuth App Security Policy
• What you get with CAS from our attack scenario
Password Attacks
• Brute forcing Office365 logins
– In the news in August 2017: sophisticated and coordinated attack against 48 Office365 customers
– Brute force attack unique: targeting multiple cloud providers
– 100,000 failed login attempts from 67 IPs and 12 networks over 7 months
– Slow and low to avoid intrusion detection
– Users see unsuccessful login attempts using up to 17 name variations
– Passwords likely the same (password spray attack)
– https://www.tripwire.com/state-of-security/featured/new-type-brute-force-attack-office-365-accounts/
Brute Force Attacks
• How hard is it to acquire the right login names?
– Demo
Brute Force Attacks
• Account Lockout in Office365
– Before 02/04/2019:
  – 10 unsuccessful attempts: captcha
  – Another 10: lockout (10 mins)
  – In reality: 10 tries = lockout
  – No customization allowed
– As of 02/04/2019: WOOHOO
Brute Force Attacks
• What could've stopped all this? MFA
– Interesting story about MFA: https://goo.gl/CFcA5t
• Good news: management through the app is better
• MFA – the elephant in the room
– 2 serious outages in 2018 alone
• MFA – in case of emergencies
– Consider implementing a break glass account (via Exclusions from Baseline MFA Policy): https://practical365.com/security/multi-factor-authentication-default-for-admins/
– Azure AD Portal > Conditional Access
• The way around MFA
– Recent breaches discovered by Proofpoint: https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
– Essentially: using IMAP to get around MFA by mimicking legacy email clients
Brute Force Attacks
• MFA exploit highlights
– 100,000 unauthorised login attempts analyzed (December 2018 onwards)
– 72% of tenants were targeted at least once
– 40% of tenants had at least 1 compromised account
– 15 of 10,000 active user accounts breached
– Microsoft's response: https://docs.microsoft.com/en-us/microsoft-365/enterprise/secure-email-recommended-policies
  – Require MFA
  – Block clients that don't support modern auth.
  – App passwords
Brute Force Attacks
• Available as part of Threat Intelligence (available in Office365 Enterprise E5)
• You must be a global administrator or a member of the Security Admin group in the Security & Compliance Center AND have MFA enabled
Attack Simulator
• Simulations: Spear Phishing Campaigns, Password Brute-Force Attacks, Password Spray Attacks
• Where do you find it: protection.office.com > Threat Management
Attack Simulator
• Spear Phishing campaigns
– Tip: target users identified as top targeted in the Threat Management dashboard
– Tip 2: you'll need to enable Office Analytics
– User tries to log in to the phishing site
– Redirected to the awareness page
– Tip: best to use your own phishing landing site ;)
Attack Simulator
• Brute Force Password
– Use a pre-set word list against one or multiple user accounts
– Uses the same method an attacker would
– I mean literally: watch out! Currently this locks out the user account.
– Only supports very limited password lists (Internal server error at 10k passwords)
– Best online resources for common credentials: https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials
Attack Simulator
• Password Spray Attack
– Tries one or a few passwords against all accounts
– Story: known password against two accounts
– Both accounts DID have that password
– Why?
– Gotcha: the second user had MFA enabled, which doesn't appear to be supported.
• Generally available in Office365 – Security & Compliance
• Tracks major malware campaigns (WannaCry, Petya, etc.)
• Lets you track the impact of these campaigns in your tenant
Threat Tracker
• About generating random passwords
– The current password format isn't hard to guess:
– Tip: make sure to have users modify their passwords on first login
Office365 passwords
• Guessing random passwords
– Always 8 characters
– Starts with 3 letters
– Ends in 5 numbers
– Keyspace: consonant (21) × vowel (5) × consonant (21) × 5 numbers (10 × 10 × 10 × 10 × 10) = 220,500,000
Office365 passwords
• Guessing random passwords
– Pretty easy to create a password list for brute-force:
– Using crunch: crunch 8 8 aeiou BCDFGHJKLMNPQRSTVWXYZ 0123456789 bcdfghjklmnpqrstvwxyz -t ,@^%%%%%
– File size: only ~ 1GB
Office365 passwords
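As an added example that is not from the deck: one PowerShell script that shows how small the keyspace of the "3 letters + 5 digits" initial-password format is next to a random alphanumeric password, and then creates a user with a strong initial password that must be changed at first sign-in, which is the tip given above. It assumes the AzureAD module and Connect-AzureAD; the user details are constructed placeholders.

```powershell
# Added example (not from the deck). (1) Compare the keyspace of the initial-password
# format described in the slides with a random 14-character alphanumeric password;
# (2) create a user whose strong initial password must be changed at first sign-in.
# Assumes Connect-AzureAD has been run; the user details below are placeholders.

function Get-Keyspace {
    # $PositionSizes: how many symbols are possible at each position of the password.
    param([Parameter(Mandatory)][long[]]$PositionSizes)
    $total = [double]1
    foreach ($n in $PositionSizes) { $total *= $n }
    [pscustomobject]@{
        Combinations = $total
        Bits         = [math]::Round([math]::Log($total, 2), 1)
    }
}

# Format from the slides: consonant (21), vowel (5), consonant (21), then five digits.
Get-Keyspace -PositionSizes 21,5,21,10,10,10,10,10   # 220,500,000 combinations, 27.7 bits
# Contrast: 14 characters drawn from 62 letters and digits.
Get-Keyspace -PositionSizes (@(62) * 14)             # about 1.2e25 combinations, 83.4 bits

function New-RandomPassword {
    param([int]$Length = 14)
    $alphabet = [char[]]'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    # Reject bytes >= 248 (largest multiple of 62 below 256) so every symbol is equally likely.
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    $chars = New-Object System.Collections.Generic.List[char]
    while ($chars.Count -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { $chars.Add($alphabet[$buf[0] % $alphabet.Length]) }
    }
    -join $chars
}

# Strong temporary password plus the first-login change the slides recommend.
$pwdProfile = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
$pwdProfile.Password                     = New-RandomPassword
$pwdProfile.ForceChangePasswordNextLogin = $true

New-AzureADUser -DisplayName 'Example User' `
                -UserPrincipalName 'example.user@contoso.example' `
                -MailNickName 'example.user' `
                -AccountEnabled $true `
                -PasswordProfile $pwdProfile
```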
Conclusion
• Simulate attacks against your own environment
• Keep an eye out for more attack simulation tools
• Use your own phishing tactics and word lists
• Educate users on strong passwords
OfficeExpert
You can sign up for our sandbox (14 days trial – immediately): https://www.panagenda.com/officeexpert-sandbox
If you're an MVP, you get a free license from us: https://www.panagenda.com/exclusive-mvp-offer
Thank You
Questions & Feedback: LOVE IT
Get in touch: ben.menesi@panagenda.com
Presentation online: slideshare.net/benedek.Menesi
@BenMenesi
Linkedin.ca/in/benedekmenesi

Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 

Recently uploaded (20)

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 

Microsoft365 from a Hacker's Perspective

  • 1. Make Your Data Work For You – Office365 from a Hacker's perspective – Real life threats, tactics and remedies – Ben Menesi – New York, NY – 27th 07 2019
  • 2. Speaker • Ben Menesi – VP Products & Innovation at panagenda – Started out in the IBM world – SharePoint & Exchange Admin & Dev – Certified Ethical Hacker v9 and OSCP student – Enjoys breaking things – Speaker at IT events around the globe (SPS Toronto, Calgary, Geneva, Cambridge) – Owns a bar (recently) @BenMenesi
  • 3. panagenda • Who we are – HQ in Vienna, Austria – Offices in Boston, Austria, Germany, The Netherlands and Australia – >1M user licenses across over 80 countries
  • 4. panagenda • What we do: OfficeExpert • Quality of Service monitoring using bots • Teams Analytics
  • 5. Our product: OfficeExpert • Teams cluster analytics: who’s talking to whom?
  • 7. OfficeExpert • Teams analytics: Activity & Adoption
  • 8. Agenda • What we’ll cover today Ransomware Attacks Email security Multi-Factor Authentication Illicit Consent Grants
  • 9. Statistics • Some numbers from the field – Verizon's 2017 & 2018 Data Breach Investigations Report: 53000 incidents & 2216 data breaches – 58% of victims are businesses with < 1000 employees (62% in 2017) – 92% of malware vectors: Email (6.3% Web, 1.3% other) – 68% of breaches took months(!!!) to discover
  • 10. On-Prem. Vs. Cloud Security • Benefits of your data in the cloud Broader scope of threat intelligence Larger and more specialized security muscle than most SMBs Fast and instant delivery (no manual patching required)
  • 11. On-Prem. Vs. Cloud Security • Disadvantages of using cloud services Vulnerability / Risk Mitigation is out of our control Part of a larger, very attractive attack surface Less flexibility in customizing defenses
  • 12. Vulnerability Mitigation • Practical example – Basestriker attack: gets around Microsoft's ATP SafeLinks by leveraging the <base> tag – Traditional way to embed URLs in a phishing email – Using the <base> tag
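As an added example (not from the slides), a link checker that resolves every href against the document <base> the way a mail client does, so a URL split across <base href> and a relative <a href> is seen whole; the sample bodies and their hostname are constructed placeholders.

```python
"""Resolve the effective link targets of an HTML email body, honoring <base>.

Added example, not code from the slides. The Basestriker technique splits the
phishing URL between a <base href> and a relative <a href>, so a scanner that
only reads the literal href attribute never sees the full destination. A link
checker should resolve every href against the document base, as the mail client
will, before deciding whether to rewrite or block it.
"""
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collect the first <base href> and every <a href> in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.base: Optional[str] = None
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if href is None:
            return
        if tag == "base" and self.base is None:   # only the first <base> applies
            self.base = href
        elif tag == "a":
            self.hrefs.append(href)


def effective_links(html: str) -> List[Tuple[str, str]]:
    """Return (literal_href, resolved_url) for each <a> in the body.

    The resolved URL is what the client navigates to; the literal href is all a
    naive attribute scanner would examine.
    """
    p = _LinkCollector()
    p.feed(html)
    p.close()
    return [(h, urljoin(p.base, h) if p.base else h) for h in p.hrefs]


def hidden_hosts(html: str) -> List[str]:
    """Hosts reachable only through <base> resolution.

    A non-empty result means a literal-href scan would have missed a
    destination, so the message needs full-URL inspection.
    """
    return [urlsplit(resolved).netloc
            for literal, resolved in effective_links(html)
            if not urlsplit(literal).netloc and urlsplit(resolved).netloc]


# Constructed sample bodies; the host is a placeholder, not a real indicator.
PLAIN_PHISH = '<html><body><a href="https://login.example.invalid/x">Sign in</a></body></html>'
BASE_PHISH = ('<html><head><base href="https://login.example.invalid/"></head>'
              '<body><a href="x">Sign in</a></body></html>')

if __name__ == "__main__":
    for name, body in (("plain", PLAIN_PHISH), ("base-split", BASE_PHISH)):
        print(name, effective_links(body), "hidden:", hidden_hosts(body))
```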
  • 13. Vulnerability Mitigation • Vulnerability Lifecycle – 02.05.2018: Microsoft alerted by Avanan – 02.05.2018: Proofpoint alerted by Avanan – 16.05.2018: Microsoft fixes vulnerability – 14 days
  • 15. Ransomware Attacks – Why are they so important? – DOJ Statistics: 1000 attacks / day in 2015, 4000 attacks / day in 2017 – WannaCry: 150 countries, estimated at $4B – NotPetya: $250-300M for Maersk alone, $1.2B in total revenue – 54% of companies experienced one or more successful attacks – Total cost of a successful cyber attack is over $5M or $301 / employee
  • 16. Ransomware Attacks – How do they spread? – 60% of ransomware attacks come from infected emails, BUT: also vulnerable (application) servers – Example: city of Atlanta hit by SamSam (originally discovered in 2016) in 2018 – Malware infection likely through SMBv1 open on a web server – Aftermath: $2.6M cost
  • 17. Decrypting Ransomware – Cautionary tale: Herrington & Company gets ransomwared – Engages Data Recovery company to retrieve data – DR company quotes $6000 to recover data – Data recovery is WAY too fast – FBI confirms that PDR indeed paid ransom to decrypt victim's files – https://pbs.twimg.com/media/DbfP0G7WAAEWQIa.jpg:large – How do we prevent ransomware?
  • 18. Ransomware Protection – Microsoft introduced Files Restore for OneDrive – Allows restoring the entire OneDrive account to a previous point in time within 30 days – Monitors file assets and notifies if an attack is detected
  • 19. Ransomware Protection – Careful! Real time notification might not be as accurate as we think – AxCrypt encryption on OneDrive files stays under the radar – Ransomware prevention: have users store important data in OneDrive
  • 21. Email Encryption – Email Encryption: End-to-end encryption – Prevent Forwarding: Restrict email recipients from forwarding or copying emails you send (plus: MS Office docs attached are encrypted even after downloading) – What happens if the recipient is outside your organization?
  • 22. OME: Automatically Enabled Email Encryption
  • 23. Email Encryption – Revoking Encrypted Messages – This one is thanks to Al Hoitingh: https://alberthoitingh.com/2018/12/20/ome-message-revocation/ – Encrypted status means: email & content didn't leave the perimeter – You can use Message Trace to locate the outgoing mail and then use PowerShell to: Query the OME status: Get-OMEMessageStatus -MessageID "message id"; Set message as revoked: Set-OMEMessageRevocation -Revoke $true -MessageID "message id"
  • 24. Email Encryption – Revoking Encrypted Messages – Because the data never left the perimeter, it's the 'link' that's broken at the moment of revocation and the recipient will get this:
  • 26. Illicit Consent Grants – In the light of the Facebook Cambridge Analytica scandal, we should take a look at Azure AD registered applications – Phishing campaigns could trick users into granting access to applications – https://blogs.technet.microsoft.com/office365security/defending-against-illicit-consent-grants/ – Exploit first demonstrated by Kevin Mitnick
  • 27. Illicit Consent Grants – Exploit Scenario – Demo – Infrastructure: User, Apache Web Server, Hacker
  • 28. Illicit Consent Grants – Exploit Scenario: Let's dive in!
  • 29. Illicit Consent Grants – Exploit Scenario – User received a legit looking email:
  • 30. Illicit Consent Grants – Exploit Scenario – User received a legit looking email:
  • 31. Illicit Consent Grants – Exploit Scenario – Picks account to authenticate
  • 32. Illicit Consent Grants – Exploit Scenario – Presented with permissions that need user consent only
  • 33. Illicit Consent Grants – Exploit Scenario – All mails are encrypted – … and this is just one of many possibilities
  • 34. Illicit Consent Grants – Exploit Scenario: Infrastructure – a bit more detail
  • 35. Digital #metoo era – Consent is key – Why build integrated applications? Using various APIs, you can grant apps access to your tenant data: Mail, calendars, contacts, conversations; Users, groups, files and folders; SharePoint sites, lists, list items; OneDrive items, permissions and more – Integration: Azure AD provides secure sign-in and authorization – Developer registers the application with Azure AD – Assign permissions to the application – Tenant administrator / user must consent to permissions
  • 36. Azure AD Applications – Registering the application – Who can register applications in your tenant? By default: any member! This can be a security issue – Keep in mind: there is a record of what data was shared with which application. Also: when a user adds / allows an application to access their data, the event can be audited (Audit reports) – See more: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added#who-has-permission-to-add-applications-to-my-azure-ad-instance
  • 37. Azure AD Applications – Authorization Flow: OAuth2 / OpenID
  • 38. Azure AD Applications – Authorization flow: let's simplify – User consents to permissions required by the app – Application asks for authorization from Azure AD – Azure AD makes the user sign in and returns a code to the application – Application uses the code to retrieve a JWT bearer token to use the resource (Microsoft Graph API) – Keep in mind: JWT doesn't authenticate, only authorizes!
  • 39. Preventing illicit consent grants – Regular application & permission enumeration – Cloud App Security – Educating users – Application Registration & consent restriction
  • 40. Azure AD Applications – Remedy: Restricting app registrations – Azure Portal > Azure Active Directory > User Settings
  • 41. Azure AD Applications – Remedy: Restricting consent grants – Azure Portal > Azure Active Directory > User Settings – Watch out! This means that all application consent will be REQUIRED to be done by Global Admins
  • 42. Azure AD Applications – Remedy: Enumerating apps and permissions – Enumeration using PowerShell: Install the AzureAD PowerShell module (launch PowerShell ISE as an Administrator and run Install-Module AzureAD); Connect to Azure AD: Connect-AzureAD; Use the PowerShell script https://gist.github.com/psignoret/41793f8c6211d2df5051d77ca3728c09 – Example: .\Get-AzureADPSPermissions.ps1 | Export-Csv -Path "permissions.csv" -NoTypeInformation
  • 43. Azure AD Applications – Remedy: Enumerating apps and permissions – What you get:
  • 44. Azure AD Applications – Remedy: Enumerating apps and permissions – Gotcha: won't show redirect URLs! – Requires AzureRM.Resources and Connect-AzureRMADAccount:
  • 45. Azure AD Applications – Remedy: Searching your Audit Logs – Use the 'consent' string to filter
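An added example (not from the slides) of triaging an exported audit log for the consent events that the 'consent' filter above surfaces: it keeps consent activities, parses the granted scopes, and flags user (non-admin) consents that include mailbox or file scopes. The record shape and property names (ConsentAction.Permissions, ConsentContext.IsAdminConsent) are modeled on Microsoft Graph directoryAudits entries and should be checked against your own export; the records are constructed.

```python
"""Triage Azure AD audit records for risky user-granted application consents.

Added example, not the slides' code. Records use a simplified shape modeled on
Microsoft Graph directoryAudits entries (activityDisplayName, initiatedBy,
targetResources[].modifiedProperties); the samples are constructed and the
property names are an assumption to verify against your own export.
"""
import re

# Delegated scopes that give an app standing access to mailbox or file data.
RISKY_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
                "Files.ReadWrite.All", "Contacts.Read", "offline_access"}
# Scope list inside a ConsentAction.Permissions value, e.g. "Scope: User.Read Mail.Read,"
_SCOPE_RE = re.compile(r"Scope:\s*([^\],]+)")


def _consent_props(record):
    """Flatten modifiedProperties of every target resource into one dict."""
    props = {}
    for target in record.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            props[prop.get("displayName", "")] = str(prop.get("newValue", ""))
    return props


def risky_consents(records):
    """Findings for consents granted by a user (not an admin) that include at
    least one scope from RISKY_SCOPES."""
    findings = []
    for rec in records:
        # Same coarse filter the slide suggests in the portal: the word 'consent'.
        if "consent" not in rec.get("activityDisplayName", "").lower():
            continue
        props = _consent_props(rec)
        is_admin = props.get("ConsentContext.IsAdminConsent", "").strip('" ').lower() == "true"
        scopes = set()
        for m in _SCOPE_RE.finditer(props.get("ConsentAction.Permissions", "")):
            scopes.update(m.group(1).split())
        hit = sorted(scopes & RISKY_SCOPES)
        if hit and not is_admin:
            app = next((t.get("displayName") for t in rec.get("targetResources", [])
                        if t.get("type") == "ServicePrincipal"), "<unknown app>")
            user = rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName")
            findings.append({"time": rec.get("activityDateTime"), "user": user,
                             "app": app, "scopes": hit})
    return findings


def _record(time, user, app, admin, scope):
    """Build a constructed audit record in the simplified shape described above."""
    return {
        "activityDateTime": time, "activityDisplayName": "Consent to application",
        "initiatedBy": {"user": {"userPrincipalName": user}},
        "targetResources": [{
            "type": "ServicePrincipal", "displayName": app,
            "modifiedProperties": [
                {"displayName": "ConsentContext.IsAdminConsent", "newValue": f'"{admin}"'},
                {"displayName": "ConsentAction.Permissions",
                 "newValue": f"[] => [[Id: <placeholder>, ConsentType: Principal, "
                             f"Scope: {scope}, ExpiryTime: ]]"}]}],
    }


# Constructed sample: a user consent to a lookalike app, an admin-approved
# line-of-business app, and an unrelated audit event.
SAMPLE_RECORDS = [
    _record("2019-07-27T09:14:03Z", "alice@contoso.example", "Mail Backup Helper", "False",
            "User.Read Mail.Read offline_access"),
    _record("2019-07-27T10:02:11Z", "admin@contoso.example", "Corp HR Portal", "True",
            "User.Read Mail.Read"),
    {"activityDateTime": "2019-07-27T10:05:00Z", "activityDisplayName": "Update user",
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
     "targetResources": []},
]
```

Calling risky_consents(SAMPLE_RECORDS) returns the single finding for alice's consent; the admin-approved app and the unrelated event are skipped.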
  • 46. Azure AD Applications – Remedy: Cloud App Security – Create an OAuth App Security Policy
  • 47. Azure AD Applications – Remedy: Cloud App Security – Create an OAuth App Security Policy
  • 48. Azure AD Applications – What you get with CAS from our attack scenario
  • 50. Brute Force Attacks – Brute forcing Office365 logins – In the news in August 2017: sophisticated and coordinated attack against 48 Office365 customers – Brute Force attack unique: targeting multiple cloud providers – 100,000 failed login attempts from 67 IPs and 12 networks over 7 months – Slow and low to avoid intrusion detection – Users see unsuccessful login attempts using up to 17 name variations – Passwords likely the same (password spray attack) – https://www.tripwire.com/state-of-security/featured/new-type-brute-force-attack-office-365-accounts/
  • 51. Brute Force Attacks – How hard is it to acquire the right login names? – Demo
  • 52. Brute Force Attacks – Account Lockout in Office365 – Before 02/04/2019: 10 unsuccessful attempts: captcha; another 10: lockout (10 mins) – In reality: 10 tries = lockout – No customization allowed
  • 53. Brute Force Attacks – Account Lockout in Office365 – As of 02/04/2019: WOOHOO
  • 54. Brute Force Attacks – What could've stopped all this? MFA – Interesting story about MFA: https://goo.gl/CFcA5t
  • 55. Brute Force Attacks – Good news: management through the app is better
  • 56. Brute Force Attacks – MFA: the elephant in the room – 2 serious outages in 2018 alone
  • 57. Brute Force Attacks – MFA: in case of emergencies – Consider implementing a break glass account (via Exclusions from Baseline MFA Policy): https://practical365.com/security/multi-factor-authentication-default-for-admins/ – Azure AD Portal > Conditional Access
  • 58. Brute Force Attacks – The way around MFA – Recent breaches discovered by Proofpoint: https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols – Essentially: using IMAP to get around MFA by mimicking legacy email clients
  • 59. MFA exploit Highlights – 100,000 unauthorized login attempts analyzed (December 2018 onwards) – 72% of tenants were targeted at least once – 40% of tenants had at least 1 compromised account – 15 of 10,000 active user accounts breached
  • 60. Brute Force Attacks – Microsoft's response: https://docs.microsoft.com/en-us/microsoft-365/enterprise/secure-email-recommended-policies – Require MFA – Block clients that don't support modern auth. – App Passwords
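An added example (not from the slides) that covers both the 'slow and low' password spray from slide 50 and the legacy-protocol MFA bypass from slide 58: over constructed sign-in events it flags a source IP that fails against many accounts with only a few attempts each, and successful IMAP4 and other legacy-client sign-ins that completed without an MFA prompt. Field names follow a subset of the Azure AD sign-in log schema and are an assumption to verify against your own export.

```python
"""Flag password-spray sources and legacy-protocol sign-ins in sign-in logs.

Added example, not the slides' code. Events are constructed and use a small
subset of the Azure AD sign-in log fields (createdDateTime, userPrincipalName,
ipAddress, clientAppUsed, status); treat the field names as assumptions to
check against your own export. Two checks: a source IP that fails against many
accounts with only a few attempts each (the 'low and slow' pattern that stays
under per-account lockout), and successful sign-ins over legacy protocols such
as IMAP4, where MFA is not enforced.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# clientAppUsed values that indicate basic/legacy authentication.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients"}


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def spray_sources(events: List[dict], min_users: int = 5, max_per_user: int = 2,
                  window: timedelta = timedelta(hours=24)) -> Dict[str, List[str]]:
    """Map IP -> targeted accounts for IPs whose failures hit >= min_users distinct
    accounts within `window` of their first failure, with no account tried more
    than max_per_user times (a brute force against one account is not a spray)."""
    by_ip = defaultdict(list)
    for e in events:
        if e["status"] == "Failure":
            by_ip[e["ipAddress"]].append(e)
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: _ts(e["createdDateTime"]))
        start = _ts(fails[0]["createdDateTime"])
        per_user = defaultdict(int)
        for e in fails:
            if _ts(e["createdDateTime"]) - start <= window:
                per_user[e["userPrincipalName"]] += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            flagged[ip] = sorted(per_user)
    return flagged


def legacy_auth_successes(events: List[dict]) -> List[Tuple[str, str, str]]:
    """(user, client, ip) for successful sign-ins through a legacy client; these
    completed without an MFA prompt and deserve review (or a block via policy)."""
    return [(e["userPrincipalName"], e["clientAppUsed"], e["ipAddress"])
            for e in events if e["status"] == "Success" and e["clientAppUsed"] in LEGACY_CLIENTS]


def _ev(t, user, ip, client, status):
    return {"createdDateTime": t, "userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": client, "status": status}


# Constructed sample: one source touching six accounts once each over six hours,
# one source hammering a single account, and one IMAP4 success from the spray source.
SAMPLE_EVENTS = [_ev(f"2019-07-27T{h:02d}:10:00Z", f"user{h}@contoso.example", "203.0.113.7",
                     "Other clients", "Failure") for h in range(1, 7)]
SAMPLE_EVENTS += [_ev(f"2019-07-27T08:0{i}:00Z", "bob@contoso.example", "198.51.100.5",
                      "Browser", "Failure") for i in range(3)]
SAMPLE_EVENTS += [_ev("2019-07-27T09:30:00Z", "carol@contoso.example", "203.0.113.7", "IMAP4", "Success"),
                  _ev("2019-07-27T09:45:00Z", "dave@contoso.example", "192.0.2.20", "Browser", "Success")]

if __name__ == "__main__":
    print("spray sources:", spray_sources(SAMPLE_EVENTS))
    print("legacy-auth successes:", legacy_auth_successes(SAMPLE_EVENTS))
```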
  • 61. Attack Simulator – Available as part of Threat Intelligence (available in Office365 Enterprise E5) – You must be a global administrator or member of the Security Admin group in the Security & Compliance Center AND have MFA enabled – Spear Phishing Campaigns – Password Brute-Force Attacks – Password Spray Attacks
  • 62. Attack Simulator – Where do you find it: protection.office.com > Threat Management
  • 63. Attack Simulator – Spear Phishing campaigns – Tip: target users identified as top targeted in the Threat Management dashboard – Tip 2: You'll need to enable Office Analytics
  • 64. Attack Simulator – Spear Phishing campaigns – User tries to log in to phishing site – Redirected to awareness page
  • 65. Attack Simulator – Spear Phishing campaigns – Tip: best to use your own phishing landing site ;)
  • 66. Attack Simulator – Brute Force Password – Use a pre-set word list against one or multiple user accounts – Uses the same method an attacker would – I mean literally: watch out! Currently this locks out the user account. – Only supports very limited password lists (Internal server error at 10k passwords) – Best online resources for common credentials: https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials
  • 67. Attack Simulator – Password Spray Attack – Tries one or a few passwords against all accounts – Story: known password against two accounts – Both accounts DID have that password – Why? – Gotcha: second user had MFA enabled, which doesn't appear to be supported.
  • 68. Threat Tracker – Generally available in Office365 – Security & Compliance – Tracks major malware campaigns (WannaCry, Petya, etc.) – Lets you track the impact of these campaigns in your tenant
  • 69. Office365 passwords – About generating random passwords – Current password format isn't hard to guess: – Tip: make sure to have users modify their passwords on first login
  • 70. Office365 passwords – Guessing random passwords – Always 8 characters – Starts with 3 letters – Ends in 5 numbers – Letters: 2 consonants (21 each) and 1 vowel (5); Numbers: 10 × 10 × 10 × 10 × 10; total 21 × 21 × 5 × 100,000 = 220,500,000 combinations
  • 71. Office365 passwords – Guessing random passwords – Pretty easy to create a password list for brute-force: – Using crunch: crunch 8 8 aeiou BCDFGHJKLMNPQRSTVWXYZ 0123456789 bcdfghjklmnpqrstvwxyz -t ,@^%%%%% – File size: only ~ 1GB
  • 72. Conclusion – Simulate attacks against your own environment – Keep an eye out for more attack simulation tools – Use your own phishing tactics and word lists – Educate users on strong passwords
  • 73. OfficeExpert You can sign up for our sandbox (14 days trial – immediately): https://www.panagenda.com/officeexpert-sandbox If you’re an MVP, you get a free license from us: https://www.panagenda.com/exclusive-mvp-offer
  • 74. Thank You Questions & Feedback: LOVE IT Get in touch: ben.menesi@panagenda.com Presentation online: slideshare.net/benedek.Menesi @BenMenesi Linkedin.ca/in/benedekmenesi

Editor's Notes

  1. Conclusion: Update, patch, pay attention to cyber hygiene!
  2. Todo: Ransomware community effort
  3. Todo: Ransomware community effort
  4. Todo: Ransomware community effort