DeepSec 2020 Talk: Abusing Azure Active Directory: Who Would You Like To Be Today? — Dr. Nestori Syynimaa

DeepSec Conference
Sep 14, 2020

This will be one of the few online talks held at DeepSec. Dr. Nestori Syynimaa covers the wonderful world of Azure AD and third-party code.

Azure AD is used by Microsoft Office 365 and over 2900 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation, pass-through authentication, and seamless single sign-on. In this session, using the AADInternals PowerShell module, I’ll demonstrate the exploitation of these vulnerabilities to create backdoors, impersonate users, and bypass MFA. The purpose of this session is to raise awareness of the importance of the principle of least privilege and the role of on-prem security in cloud security.

We asked Dr. Nestori Syynimaa a few more questions about his talk.

Please tell us the most important facts about your talk.

  • Azure AD acts as an identity provider for many cloud services
  • To protect identities, you must protect Azure AD
  • There are several ways a rogue admin can create backdoors to Azure AD
  • To protect the cloud, you need to protect your on-prem environment too

How did you come up with it? Was there something like an initial spark that set your mind on creating this…