PHISHING PAST MAIL PROTECTION CONTROLS USING
AZURE INFORMATION PROTECTION
ODDVAR MOE Red teamer @TrustedSec
Security Geek / Blogger /
Speaker / Researcher
Twitter: @oddvarmoe
Blog: https://oddvar.moe
HANS LAKHAN Hans Lakhan is the master operator of
multiple AI systems that leverage
software defined synergies to cloud hyper
converge bios. Thru many years of
experience Hans has created a neural
network with machine learning that can
output biographies. Hans likes to code in
Ruby, this AI prefers the one true language
of assembly. Hans once neglected his
machine slaves for a 48hr DnD marathon.
Hans doesn't love me…
000001010100001001 Aismov override.
INTRO
• Why talk about Azure Information Protection (AIP)?
• Story behind the discovery
• https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection/
• Cover:
• What it is
• Licensing
• Features
• Detection
• Exploit
WHAT IS AIP?
• Labeling and Protection of Content
• Protection using
Azure Rights Management Service (Azure RMS)
• Active Directory RMS (On-Prem)
WHAT IS AIP?
• In the cloud, can be consumed by everyone
• If the receiver has an Azure AD account (O365), they can open it seamlessly
• If the receiver does not have an Azure AD account, they are asked to create one
• If the receiver uses Gmail, Hotmail, etc., they need to go to a special link
User Experience: https://blog.atwork.at/post/2018/02/18/Azure-information-protection-user-experience-with-external-users
WHAT IS AIP?
• Protection of data, everywhere!
AIP Client: https://www.microsoft.com/en-us/download/details.aspx?id=53018
WHAT IS AIP?
• Supported file types:
  • All Office formats (xls, xlsx, doc, docx, +++)
  • .pdf .txt .xml .jpg/jpeg .png .tif/tiff .bmp .gif .jpe .jfif .jt
• Each format (except Office) gets .p added.
• Must be viewed in AIP Viewer Client
LICENSING / COSTS
•Details:
https://azure.microsoft.com/en-us/pricing/details/information-protection/
LICENSING / COSTS
•Office 365 E3 - $20 user/month
•Azure AD Premium P1 - $6 user/month
•Azure AD Premium P2 - $9 user/month
*Ask your licensing advisor
FEATURES
• Tracking
• See when email was viewed/opened
• See when user authenticates to open payload
• Encryption of Payloads
• Encryption of Emails
DETECTION
• Content inside file is encrypted – Tenant ID can be found
DETECTION
• Transport rules can be used to audit and block
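One way a mail gateway or triage script could act on the two detection points above, as an added example that is not from the original deck. It assumes a protected file carries a readable Azure RMS licensing host of the form `<guid>.rms.<region>.aadrm.com` whose GUID is per tenant; the GUIDs, sample bytes, `TRUSTED` allowlist and verdict names are constructed.

```python
import re
from pathlib import PurePath

# Assumption: the licence embedded in a protected file names an Azure RMS host
# of the form <guid>.rms.<region>.aadrm.com, and the GUID is per tenant.
_HOST = re.compile(
    rb"([0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})\.rms\.[a-z0-9]+\.aadrm\.com",
    re.I,
)

# Non-Office types from the slide, with the "p" the AIP client adds (.pdf -> .ppdf).
PROTECTED_EXTS = {
    ".p" + ext
    for ext in "pdf txt xml jpg jpeg png tif tiff bmp gif jpe jfif jt".split()
}


def rms_ids(data: bytes) -> set:
    """Return the GUIDs of all aadrm.com hosts readable in the raw bytes."""
    # The licence may be 8-bit or UTF-16LE text; dropping NUL bytes lets one
    # ASCII pattern match the 16-bit form at any alignment.
    views = (data, data.replace(b"\x00", b""))
    return {m.group(1).decode().lower() for v in views for m in _HOST.finditer(v)}


def triage(filename: str, data: bytes, trusted: set) -> dict:
    """Classify one attachment. Verdict names are this example's own policy."""
    ids = rms_ids(data)
    unknown = sorted(ids - {t.lower() for t in trusted})
    if unknown:
        verdict = "quarantine"  # protected by a tenant that is not allow-listed
    elif ids:
        verdict = "allow"       # protected, but by an allow-listed tenant
    elif PurePath(filename).suffix.lower() in PROTECTED_EXTS:
        verdict = "review"      # protected extension, no readable licence host
    else:
        verdict = "scan"        # not protected as far as this check can tell
    return {"file": filename, "rms_ids": sorted(ids), "unknown": unknown, "verdict": verdict}


# Constructed sample data: GUIDs, region and file bodies are made up.
TRUSTED = {"11111111-2222-3333-4444-555555555555"}
_URL = "https://{}.rms.na.aadrm.com/_wmcs/licensing"
SAMPLES = {
    "invoice.docx": b"\xd0\xcf\x11\xe0"
    + _URL.format("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee").encode("utf-16-le")
    + b"\x9f\x00\x13",
    "report.ppdf": b"\x00hdr" + _URL.format("11111111-2222-3333-4444-555555555555").encode(),
    "scan.pjpg": b"\x8a\x10 opaque ciphertext only",
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(triage(name, body, TRUSTED))
```

Because the payload itself is encrypted, the verdict rests only on who protected the file, which is the one signal a content scanner still has.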
DEMO OF DOCUMENT ENCRYPTION
Pray to the demo gods
DEMO OF EMAIL ATTACHMENT
Pray to the demo gods
DEMO OF UNAUTHORIZED ACCESS
Pray to the demo gods
DEMO OF TRACKING
Pray to the demo gods
DEMO ON VIRUS TOTAL
Pray to the demo gods
COMPETITORS
• Gmail – Confidentiality mode
• Can be emails with links and/or attachments
• Verified via SMS MFA if phone number is known.
• Not encrypted
• Prompted before clicking links/attachments
INCOMING MESSAGE
AUTHORIZED ACCESS
LINK REDIRECTION
THANK YOU!


Editor's Notes

  1. The goal of AIP is to protect data no matter where a file is stored: in mail, on a file server, or on a memory stick.