Tool Shed Demo: Token Tactics: A Tactical Usage Demo – Steve Borosh

Microsoft 365 accounts are an increasingly juicy target for attackers. With features like SharePoint to store company secrets, Microsoft Teams messages to share admin passwords, and Entra ID abuses for privilege escalation and persistence, attackers know that the cloud is becoming best place to target for initial access.

This demo will walk you through how an offensive operator may utilize this attack flow beginning with the initial phish, to accessing sensitive files on “restricted” SharePoint sites, and some detections and remediations along the way.

Steve Borosh is a proud U.S. Army Infantry veteran and security consultant at Black Hills Information Security. Steve has extensive experience as a penetration tester, red team operator, and instructor since 2014. Steve has instructed courses on penetration testing and red teaming for the public, private, and federal law enforcement sectors. Steve also has experience teaching and speaking at conferences such as Blackhat, various BSides events, Gartner, and others. Steve maintains a blog and GitHub repository to share knowledge and open-source offensive tools with the community. Steve earned a B.S. in Computer and Information Science from ECPI University.