Hacking Azure AD Identities – Nestori Syynimaa
October 19 @ 1:00 pm – 1:50 pm MDT
Presented by: Nestori Syynimaa
In the cloud era, identity has become a new security perimeter. Over 90 per cent of Fortune 500 organizations use Microsoft’s cloud-based identity and access management system, Azure AD. Azure AD can be deployed in cloud-only and hybrid modes. The former is more secure as the latter involves connecting your on-prem services to Azure AD.
This provides a greater attack surface to adversaries. In this talk, I’ll cover how to steal and fake Azure AD identities by attacking cloud, on-prem services, and endpoint devices.
Dr Nestori Syynimaa is one of the world’s leading Azure AD / M365 experts and the developer of the AADInternals toolkit. He has worked with Microsoft cloud services for over a decade and has been MCT since 2013, MVP since 2020, and awarded Microsoft Most Valuable Security Researcher for 2021. Dr Syynimaa is a Senior Principal Security Researcher for Secureworks Counter Threat Unit. Before moving to his current position, Dr Syynimaa worked as a CIO, consultant, trainer, researcher, and university lecturer for almost 20 years.Dr Syynimaa has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat (US, EU, Asia), DEFCON, and RSA.