2. @ClubPowerBI @aosComm @GUSS_FRANCE Power Saturday 2019
3 communities to share, exchange and learn
Power BI, Data, AI, Power Platform, Office 365, SharePoint, etc.
4. The European SharePoint, Office 365 & Azure Conference
4 Days, 2,500 Delegates, 150+ Sessions, 120 Speakers
Use code ESPC19SPSP for 10% discount on all tickets
www.sharepointeurope.com
6. Who am I?
❖ Ivan Vagunin, Ph.D.
❖ Systems Architect at Digia Oy
❖ MSCM: SharePoint
❖ Security researcher, MSRC TOP 100 BH 2018
❖ Occasional community contributor
❖ https://twitter.com/ivagunin
7. Troubleshooting
“Analyse and solve serious problems for a company or other organization. Trace and correct faults in a mechanical or electronic system.”
9. Why did it happen?
“Backward chaining is the logical process of inferring unknown truths from known conclusions by moving backward from a solution to determine the initial conditions and rules.”
11. Reconnaissance
❖ SharePoint Online
❖ Classic team site (with publishing features)
❖ Users coming from the external network see a different home page
16. Lessons learned
❖ Do not make rash assumptions
❖ Plan MUI (multilingual user interface) responsibly
❖ Avoid using web parts for branding
18. Reconnaissance
❖ SharePoint 2013, 4 servers
❖ Intranet is a single site collection
❖ Non-privileged users lost access to the Intranet
❖ Site collection admin still had access
❖ Non-privileged users still had access a few hours before the incident
21. Lessons learned
❖ Use the right tools to process logs
❖ Use timing to correlate events in logs
❖ Use the least privilege principle
❖ Use multiple site collections to isolate users
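The first two lessons, processing logs with a proper tool and correlating by time, as an added example that is not part of the talk. It parses ULS-style lines from two farm servers (the lines, server names, guids and messages are constructed placeholders, not the incident's data), stitches one request together across servers by its correlation id, and then asks what else the farm logged in the minutes before the first failed request. The class and method names are the example's own.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

// Added example, not from the talk: merge ULS log lines from several farm
// servers and correlate them by correlation id and by time.
public class UlsEntry
{
    public DateTime Timestamp;
    public string Server, Area, Category, Level, Message;
    public Guid Correlation;
}

public static class LogCorrelator
{
    // ULS column order (tab separated): Timestamp, Process, TID, Area, Category,
    // EventID, Level, Message, Correlation. The timestamp is the logging server's
    // own clock, so cross-server correlation assumes the farm is time-synchronised.
    public static UlsEntry Parse(string server, string line)
    {
        string[] f = line.Split('\t');
        if (f.Length < 9) throw new FormatException("not a ULS line: " + line);
        return new UlsEntry
        {
            Timestamp = DateTime.ParseExact(f[0].Trim(), "MM/dd/yyyy HH:mm:ss.ff", CultureInfo.InvariantCulture),
            Server = server,
            Area = f[3].Trim(),
            Category = f[4].Trim(),
            Level = f[6].Trim(),
            Message = f[7].Trim(),
            Correlation = Guid.Parse(f[8].Trim()),
        };
    }

    // All lines that share one correlation id, from every server, in time order:
    // the path of a single request through the farm.
    public static List<UlsEntry> ByCorrelation(IEnumerable<UlsEntry> all, Guid id) =>
        all.Where(e => e.Correlation == id).OrderBy(e => e.Timestamp).ToList();

    // All lines logged within +/- window of a reference moment (for instance the
    // time users first reported losing access), regardless of correlation id.
    public static List<UlsEntry> Around(IEnumerable<UlsEntry> all, DateTime at, TimeSpan window) =>
        all.Where(e => (e.Timestamp - at).Duration() <= window).OrderBy(e => e.Timestamp).ToList();
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample lines for one web front end (WFE01) and one application
        // server (APP01); guids and messages are placeholders, not the incident's data.
        const string req = "11111111-2222-3333-4444-555555555555";
        var wfe = new[]
        {
            $"03/15/2019 08:02:11.23\tw3wp.exe (0x1A2C)\t0x0F40\tSharePoint Foundation\tGeneral\t0000\tVerbose\tGET /sites/intranet/default.aspx\t{req}",
            $"03/15/2019 08:02:11.31\tw3wp.exe (0x1A2C)\t0x0F40\tSharePoint Foundation\tGeneral\t0000\tHigh\tAccess denied for DOMAIN\\jdoe on /sites/intranet\t{req}",
        };
        var app = new[]
        {
            "03/15/2019 07:58:40.05\tOWSTIMER.EXE (0x0BB8)\t0x1C10\tSharePoint Foundation\tAuthorization\t0000\tMedium\tPermissions updated on web http://intranet (constructed sample line)\t99999999-8888-7777-6666-555555555555",
            $"03/15/2019 08:02:11.27\tw3wp.exe (0x2F10)\t0x0A00\tSharePoint Foundation\tAuthorization\t0000\tMedium\tPermission check failed: user holds no role on the web\t{req}",
        };
        var all = wfe.Select(l => LogCorrelator.Parse("WFE01", l))
                     .Concat(app.Select(l => LogCorrelator.Parse("APP01", l)))
                     .ToList();

        // 1. Follow one failing request across both servers.
        var id = Guid.Parse(req);
        var request = LogCorrelator.ByCorrelation(all, id);
        Console.WriteLine("Timeline for correlation " + id + ":");
        foreach (var e in request)
            Console.WriteLine($"  {e.Timestamp:HH:mm:ss.ff} {e.Server,-6} {e.Category,-14} {e.Level,-8} {e.Message}");

        // 2. What else did the farm log shortly before that request failed?
        var firstFailure = request.First().Timestamp;
        Console.WriteLine("Other farm events within 5 minutes of the failure:");
        foreach (var e in LogCorrelator.Around(all, firstFailure, TimeSpan.FromMinutes(5)).Where(e => e.Correlation != id))
            Console.WriteLine($"  {e.Timestamp:HH:mm:ss.ff} {e.Server,-6} {e.Category,-14} {e.Message}");
    }
}
```

The point of the second query is the one the slide makes: once the failing request is pinned to a moment, the interesting evidence is usually whatever else was logged around that moment, on any server and under any correlation id, so the time window, not the request id, is the pivot.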
30. Attacks against .NET deserialization
❖ Deserialization of a user-controlled type
❖ Deserialization of a user-controlled object (or some part of the object)
https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
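Both bullets illustrated with Json.NET, as an added example that is not part of the talk or of the referenced paper. It assumes the Newtonsoft.Json package; the message classes, the `Secret` type and the binder are the example's own. The weak settings let the sender choose the runtime type through the `$type` property (the first bullet); the hardened settings keep polymorphism but bind `$type` to a short allow list, and the `Validate` method treats the field values of a correctly typed object as untrusted input (the second bullet).

```csharp
using System;
using System.Collections.Generic;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Added example, not from the talk: the "user-controlled type" problem in
// Json.NET and the settings that remove it. Assumes the Newtonsoft.Json package.
public abstract class Message { public string Text { get; set; } = ""; }
public class Notification : Message { }
public class Alert : Message
{
    public int Severity { get; set; }
    // Second bullet: even when the type is fixed, the field values still come
    // from the sender and must be validated after deserialization.
    public void Validate()
    {
        if (Severity < 0 || Severity > 5) throw new ArgumentOutOfRangeException(nameof(Severity));
        if (Text.Length > 1024) throw new ArgumentException("Text too long");
    }
}
// Some other application type that must never be instantiated from user input.
public class Secret { public string Value { get; set; } = ""; }

// Weak: TypeNameHandling.All honours a "$type" property in the input, so the
// sender, not the application, decides which class gets instantiated.
public static class Weak
{
    public static readonly JsonSerializerSettings Settings =
        new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.All };
}

// Hardened: polymorphism is kept, but "$type" can only name a type on this list,
// and the names written to JSON are short aliases, not assembly-qualified names.
public sealed class AllowListBinder : ISerializationBinder
{
    private static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
    {
        ["Notification"] = typeof(Notification),
        ["Alert"] = typeof(Alert),
    };

    public Type BindToType(string assemblyName, string typeName)
    {
        if (Allowed.TryGetValue(typeName, out var t)) return t;
        throw new JsonSerializationException("Type '" + typeName + "' is not allowed here");
    }

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = null;
        typeName = serializedType.Name;
    }
}

public static class Hardened
{
    public static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.Objects,   // "$type" is used, but only via the binder
        SerializationBinder = new AllowListBinder(),
        MaxDepth = 32,                                  // also bounds deeply nested input
    };
}

public static class Program
{
    public static void Main()
    {
        // Round trip with the hardened settings: "$type" is the alias "Alert".
        string json = JsonConvert.SerializeObject(new Alert { Text = "disk full", Severity = 3 }, Hardened.Settings);
        Console.WriteLine(json);
        var alert = (Alert)JsonConvert.DeserializeObject<Message>(json, Hardened.Settings);
        alert.Validate();
        Console.WriteLine("accepted: " + alert.GetType().Name);

        // Constructed untrusted input naming a type outside the allow list.
        string hostile = "{\"$type\":\"Secret\",\"Value\":\"x\"}";
        try
        {
            JsonConvert.DeserializeObject<Message>(hostile, Hardened.Settings);
        }
        catch (JsonSerializationException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }

        // The same input against the weak settings, with the type spelled out the
        // way TypeNameHandling.All expects: the deserializer instantiates it.
        string weakInput = "{\"$type\":\"" + typeof(Secret).AssemblyQualifiedName + "\",\"Value\":\"x\"}";
        object o = JsonConvert.DeserializeObject<object>(weakInput, Weak.Settings);
        Console.WriteLine("weak settings instantiated: " + o.GetType().Name);
    }
}
```

Two design choices matter here. The allow list is keyed by alias rather than by assembly-qualified name, so nothing in the wire format tells a sender how types are resolved, and the binder throws rather than returning null, so an unknown alias fails the whole deserialization instead of silently falling back to the default resolver.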