all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

DEF CON 31 - Azure B2C 0Day - An Exploit Chain from Public Keys to Microsoft Bug Bounty - John Novak

Add to bookmarks
Sept. 15, 2023, 9:29 p.m. | DEFCONConference

DEFCONConference www.youtube.com

This presentation will cover a complete exploit chain in Azure B2C, starting with a discovery of cryptographic misuse and leading to full account compromise in any tenant as an unauthenticated attacker.

Portions of this vulnerability have been released publicly, but several pieces were omitted to provide Microsoft time to remediate the issue and not put Azure B2C environments at unnecessary risk. New details in this talk include steps to reverse engineer and discover the crypto vulnerability along with details of …

0day account account compromise attacker azure b2c bounty bug bug bounty compromise con cryptographic def def con def con 31 discovery exploit john keys microsoft presentation public public keys unauthenticated vulnerability

Visit resource

More from www.youtube.com / DEFCONConference

DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker 1 month ago | www.youtube.com
con def def con def con 31 +5
DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang 7 months, 2 weeks ago | www.youtube.com
clouds con conflict culture +20
DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 7 months, 2 weeks ago | www.youtube.com
abusing active directory authority con +19
DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 7 months, 2 weeks ago | www.youtube.com
atm atms code code execution +20
DEF CON 31 - The GitHub Actions Worm - Asi Greenholts 7 months, 2 weeks ago | www.youtube.com
actions attacker attackers con +14
DEF CON 31 - Defeating VPN Always On - Maxime Clementz 7 months, 2 weeks ago | www.youtube.com
access always on attack attack surface +22
DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 7 months, 2 weeks ago | www.youtube.com
automotive automotive industry car car hacking +17
DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 7 months, 2 weeks ago | www.youtube.com
analysis con def def con +17
DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded … 7 months, 2 weeks ago | www.youtube.com
abusing automotive bus can bus +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Consultant infrastructure sécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel
View on infosec-jobs.com

Information Security Operations Officer

@ International Labour Organization | Geneva, CH, 1200
View on infosec-jobs.com

PMO Cybersécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Third Party Risk Management - Consultant

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Consultant Cyber Sécurité H/F - Strasbourg

@ Hifield | Strasbourg, France
View on infosec-jobs.com
View more jobs