Bad neighbors: Cross tenant exploitation in Azure and Entra ID

 
English Expert Security

In this talk, we will explore what a guest user is under the hood, and in which scenarios it may be abused. We will introduce a new technique for abusing guest users across tenants, and look at scenarios where that technique could be catastrophic to the security of an organization. To show how to exploit these scenarios, we will introduce a new azure pentesting tool that can be used to help test and exploit both guest users, as well as the rest of the Azure and Entra ID ecosystem. Guest users in Entra ID are heavily used for business-to-business collaboration, and administration of cloud resources by partners. However, they have a dark side that is anchored deep within the implementation of guest users in Entra ID.

Speaker

Cody Burkard

Azure pentester and security architect

Cody Burkard is a pentester and security architect specializing in Azure security. With 8 years of experiencin Azure and application security testing, Cody's research interest is on novel offensive security techniques against cloud environments, and how to build resilient architectures to protect against them.

Code of Conduct

We seek to provide a respectful, friendly, professional experience for everyone, regardless of gender, sexual orientation, physical appearance, disability, age, race or religion. We do not tolerate any behavior that is harassing or degrading to any individual, in any form. The Code of Conduct will be enforced.

Who does this Code of Conduct apply to?

All live stream organizers using the Global Azure brand and Global Azure speakers are responsible for knowing and abiding by these standards. Each speaker who wishes to submit through our Call for Presentations needs to read and accept the Code of Conduct. We encourage every organizer and attendee to assist in creating a welcoming and safe environment. Live stream organizers are required to inform and enforce the Code of Conduct if they accept community content to their stream.

Where can I get help?

If you are being harassed, notice that someone else is being harassed, or have any other concerns, report it. Please report any concerns, suspicious or disruptive activity or behavior directly to any of the live stream organizers, or directly to the Global Azure admins at team@globalazure.net. All reports to the Global admin team will remain confidential.

Code of Conduct for local live streams

We expect local organizers to set up and enforce a Code of Conduct for all Global Azure live stream.

A good template can be found at https://confcodeofconduct.com/, including internationalized versions at https://github.com/confcodeofconduct/confcodeofconduct.com. An excellent version of a Code of Conduct, not a template, is built by the DDD Europe conference at https://dddeurope.com/2020/coc/.