From User to Entra ID Admin | Sean Metcalf скачать в хорошем качестве

From User to Entra ID Admin | Sean Metcalf

🔗 Join us in-person and virtually at our Wild West Hackin' Fest: information security conferences — https://wildwesthackinfest.com/ 🔗 Register for Infosec Webcasts, Anti-casts & Summits. – https://poweredbybhis.com It only takes minutes for an attacker to compromise an account with access. The account doesn't even need to have obvious privileged rights for the attacker to own the cloud environment. This talk covers methods in Entra ID to go from standard user access to Entra ID Global Admin. 00:00 - Welcome, intro 00:05 - Whoami 00:07 - Agenda 00:43 - Entra ID Level 0 01:47 - TriMarc Entra ID Level 0 Roles 02:53 - TriMarc Entra ID Level 1 Roles 04:18 - CHART - Who can change what (Andy Robbins version) 04:41 - TriMarc Level 0 Applications 06:48 - Entra ID Security Posture 07:48 - Entra ID Common Security Issues 09:40 - Highly-privileged user accounts 11:43 - Privileged roles with group nesting 13:05 - Role Assignable Group in different tenant 13:49 - Conditional Access Policies 16:53 - Conditional Access policy gaps 19:44 - Microsoft Managed Policies 20:34 - Attacking Entra ID 23:31 - evilginx Token Theft 25:03 - Application Escalation 26:48 - Solarigate “Tenant Hopping” 28:37 - Move to Granular Delegated Admin Privileges (GDAP) 29:53 - Midnight Blizzard 31:59 - Securing Entra ID Administration 34:11 - Entra Password Protection 34:51 - Phishing Defensive Layers 35:38 - Key Cloud Admin Security Controls 37:09 - The most resilient MFA methods 37:42 - Common Persistence Method Checks 40:23 - Conclusion 40:45 - Q&A - Does AD pass plaintext passwords to Entra? 43:24 - Q&A - MFA Enforcement requirement 45:05 - Q&A - Is Teams a target? 46:49 - Q&A - Break Glass Account 48:04 - Q&A - How to find non-standard tenants? ///Black Hills Infosec Socials Twitter:   / bhinfosecurity   Mastodon: https://infosec.exchange/@blackhillsi... LinkedIn:   / antisyphon-training   Discord:   / discord   ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.mysh... ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/ser... Penetration Testing: https://www.blackhillsinfosec.com/ser... Incident Response: https://www.blackhillsinfosec.com/ser... ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pa... Live Training: https://www.antisyphontraining.com/co... On Demand Training: https://www.antisyphontraining.com/on... Antisyphon Discord:   / discord   Antisyphon Mastodon: https://infosec.exchange/@Antisy_Trai... ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube:    / wildwesthackinfest   Antisyphon Training YouTube:    / antisyphontraining   Active Countermeasures YouTube:    / activecountermeasures   Threat Hunter Community Discord:   / discord   Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/