all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ab)using the Microsoft Identity Platform: ExploringAzure AD Token Caching

Add to bookmarks
Dec. 15, 2023, 10:16 p.m. | SANS Offensive Operations

SANS Offensive Operations www.youtube.com

This presentation examines how JSON Web Token (JWT) caching works in corporate settings with Azure Active Directory (Azure AD) integration, including Azure AD Joined and Hybrid environments. These tokens, accessible to local users, interface with a variety of authorized protected web services. Local attackers can leverage these tokens to access critical corporate resources, like Outlook, Drive, SharePoint, and Teams. While API access is interesting, its operational implications are not always ideal. On the IBM Adversary Services team, we have developed …

access active directory attackers azure azure active directory azure ad corporate critical directory environments hybrid identity integration interface joined json jwt local microsoft platform presentation services settings token tokens web web services

Visit resource

More from www.youtube.com / SANS Offensive Operations

Mastering Adversary Emulation with Caldera: A Practical Guide 1 month, 1 week ago | www.youtube.com
adversary adversary emulation application bolster +16
The Second Rule of Hacking: There Are No Rules 1 month, 1 week ago | www.youtube.com
attacks block businesses cat +13
From Pentest to Red Team: Overview of The Necessary Skills and Breakdown of Frameworks 1 month, 1 week ago | www.youtube.com
dave frameworks guide informative +10
OT Pen-testing: How Not to Sink an Oil Rig 1 month, 2 weeks ago | www.youtube.com
adversary adversary emulation application bolster +19
Fortifying Resilience: An In-Depth Exploration of the Overall Product Security Assessment Poster 1 month, 2 weeks ago | www.youtube.com
assessment attacks author course +16
SANS Pen Test 2024: A Sneak Peek Into All That's in Store! 1 month, 4 weeks ago | www.youtube.com
austin cybersecurity cybersecurity innovation cybersecurity training +20
SANS Pen Test 2024: A Sneak Peek Into All That's in Store! 2 months ago | www.youtube.com
austin cybersecurity cybersecurity innovation cybersecurity training +20
Learn About SEC565: Red Team Operations and Adversary Emulation 2 months, 4 weeks ago | www.youtube.com
adversary adversary emulation course emulation +21
A Compendium of Exploits and Bypasses for eBPF-based Cloud Security 4 months, 1 week ago | www.youtube.com
basic cloud cloud security ebpf +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs