all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

DEF CON 31 - Azure B2C 0Day - An Exploit Chain from Public Keys to Microsoft Bug Bounty - John Novak

Add to bookmarks
Sept. 15, 2023, 9:29 p.m. | DEFCONConference

DEFCONConference www.youtube.com

This presentation will cover a complete exploit chain in Azure B2C, starting with a discovery of cryptographic misuse and leading to full account compromise in any tenant as an unauthenticated attacker.

Portions of this vulnerability have been released publicly, but several pieces were omitted to provide Microsoft time to remediate the issue and not put Azure B2C environments at unnecessary risk. New details in this talk include steps to reverse engineer and discover the crypto vulnerability along with details of …

0day account account compromise attacker azure b2c bounty bug bug bounty compromise con cryptographic def def con def con 31 discovery exploit john keys microsoft presentation public public keys unauthenticated vulnerability

Visit resource

More from www.youtube.com / DEFCONConference

DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater 1 week ago | www.youtube.com
analysis con cryptography def +17
DEF CON 31 - Breaking BMC The Forgotten Key to the Kingdom - Alex Tereshkin, … 1 week ago | www.youtube.com
access adam alex baseboard management controller +19
DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer … 1 week ago | www.youtube.com
con cost def def con +18
DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 1 week ago | www.youtube.com
analysis con def def con +17
DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan … 1 week ago | www.youtube.com
boston byt3bl33d3r city con +19
DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 1 week ago | www.youtube.com
automotive automotive industry car car hacking +17
DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam 1 week ago | www.youtube.com
called cases con container +21
DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 1 week ago | www.youtube.com
abusing active directory authority con +19
DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 1 week ago | www.youtube.com
atm atms code code execution +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Business Information Security Officer

@ Metrolink | Los Angeles, CA
View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City
View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU
View on infosec-jobs.com

REF7225P- Information Security (HIPPA& GDPR) Pune-Contract Employee

@ WNS Global Services | Pune, India
View on infosec-jobs.com

Cortex Systems Engineer, SecOps Platform - North America

@ Palo Alto Networks | Remote, Texas, United States
View on infosec-jobs.com

Senior Threat Engineer

@ Zscaler | Tel Aviv-Yafo, Israel
View on infosec-jobs.com
View more jobs