Dirk-jan Mollema
Dirk-jan Mollema is a hacker and researcher of Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research and shares updates on the many open source security tools he has written over the years. He has previously presented at TROOPERS, DEF CON, Black Hat and BlueHat and has been named one of Microsoft’s Most Valuable Researchers multiple times.
Session
Entra ID Conditional Access is the guard dog of your tenant. But setting it up securely is quite complicated, even if you know all the processing details, which are not always documented.
In this talk we go from a bypass found by accident to a structured approach to mapping Entra ID applications and the different behavior of Conditional Access policies. We found corner cases in which some policies are not or cannot be applied, which can function as bypasses if attackers want to target your tenant.
Join us for a wild ride into authentication protocols, OAuth scopes and pre-consented permissions.
And of course, we don’t want to keep you in the dark about how to protect against some of those bypasses and what indicators to look out for.