Martin Haller

Martin Haller, co-founder of PATRON-IT, a managed security services provider (MSSP) based in the Czech Republic, is an ethical hacker and cybersecurity expert. He is deeply committed to understanding the attacker’s mindset to develop effective defense strategies, focusing on identifying and addressing critical vulnerabilities in information security. A frequent speaker at conferences, Martin shares insights from real-world audits and security incidents to help organizations strengthen their defenses. He actively engages with others, exchanging ideas and collaborating to develop better solutions for building a safer and more secure digital world. Martin holds multiple certifications, including OSCP, CHFI, ECSA, and MCSE.


Session

06-25
12:00
60min
RBAC: The Shady Place Behind Basic Entra ID Security
Martin Haller

There are auditing tools that focus on the fundamentals of Entra ID security—like MFA, Conditional Access Policies, role assignments and best-practice configurations. While many organizations still struggle to address these basics (and thus remain prime targets for threat actors), we must also consider the adversary’s next move after these foundational security gaps are closed.

That’s where RBAC (Role-Based Access Control) comes in. RBAC appears in a wide range of Microsoft 365 services, yet it often slips under the radar—leaving critical gaps in your security posture. In this talk, we’ll dive into how attackers exploit these RBAC pitfalls and demonstrate the chain reactions that can arise from seemingly benign role assignments.

Join us to uncover what truly lies in this “shady place” of Entra ID security and learn how to harden your defenses against these advanced, often underestimated threats.

Active Directory & Entra ID Security
Track 2 (AD & Entra ID Sec)