Dirk-jan Mollema
Dirk-jan Mollema is a security researcher focusing on Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at DEF CON, Black Hat, TROOPERS, BlueHat and many other conferences, is a current Microsoft MVP and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.
Session
In 2019 I gave my first public conference talk here at TROOPERS, titled "I'm in your cloud", covering hybrid Active Directory and Azure AD environments. Little did I know that this would be the start of a much bigger research project that covered many more aspects of Azure AD, or Entra ID as it is called these days. Eventually this analysis of hybrid AD/Entra ID led to the discovery of Actor Tokens, and with that the only CVSS 10.0 CVE ever issued for the identity system of a major cloud provider.
In this talk I will go through the history of hybrid AD/Entra ID vulnerabilities that were there since my first talk at TROOPERS and how this led to the discovery of this critical flaw. Of course we will also cover the technicalities and how the "I'm in your cloud" series concluded with being able to take over everyone's (Microsoft) cloud.