Simon Maxwell-Stewart
Simon is a Staff Security Researcher at BeyondTrust's Phantom Labs. Before getting into security he spent over a decade doing data science and machine learning, with a physics degree from Oxford and production ML work in healthcare. These days he's the resident graph nerd on the Phantom Labs team, applying graph analysis to identity security problems in Microsoft cloud environments. His recent research focuses on Entra ID attack paths and Azure infrastructure security.
Session
Microsoft Dataverse lets you deploy custom .NET plugins that run server-side in process-isolated Windows Server containers. We deployed one. Within minutes we had SYSTEM on the box, a full LSASS dump, NTLM hashes, DPAPI master keys, a production TLS private key for Microsoft's sandbox infrastructure, internal Microsoft tenant IDs, 52 other customers' organization GUIDs, and 46 proprietary Microsoft DLLs that were never meant to leave that container.
By decompiling those DLLs (nearly 14,000 C# source files), we reverse-engineered the gRPC protocol that the sandbox uses internally, discovered every method is unauthenticated, and built custom tooling to call them. That path eventually led us to explore cross-tenant code execution, though we'll be honest about what we could and couldn't prove there.
This talk is about what you can pull out of a cloud sandbox when the defaults are too permissive, and how a pile of exfiltrated DLLs turned into a much bigger problem than anyone expected.