Sept. 15, 2023, 9:29 p.m. | DEFCONConference


This presentation will cover a complete exploit chain in Azure B2C, starting with a discovery of cryptographic misuse and leading to full account compromise in any tenant as an unauthenticated attacker.

Portions of this vulnerability have been released publicly, but several pieces were omitted to provide Microsoft time to remediate the issue and not put Azure B2C environments at unnecessary risk. New details in this talk include steps to reverse engineer and discover the crypto vulnerability along with details of …

0day account account compromise attacker azure b2c bounty bug bug bounty compromise con cryptographic def def con def con 31 discovery exploit john keys microsoft presentation public public keys unauthenticated vulnerability

Business Information Security Officer

@ Metrolink | Los Angeles, CA

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City

Security Engineer

@ ChartMogul | Remote, EU

REF7225P- Information Security (HIPPA& GDPR) Pune-Contract Employee

@ WNS Global Services | Pune, India

Cortex Systems Engineer, SecOps Platform - North America

@ Palo Alto Networks | Remote, Texas, United States

Senior Threat Engineer

@ Zscaler | Tel Aviv-Yafo, Israel