ALL Microsoft Azure Tenants Compromised GLOBALLY!
Daniel Boctor
@danielboctorAbout
I tell computers what to do I'm just here to share my experiences throughout my ongoing journey of computer science and software engineering studies. I have a passion for learning, and I hope you do too. I'm going into my 4th year of University, and am currently interning as a software engineer at Cisco Meraki.
Latest Posts
Video Description
A bug hunter found a global Microsoft Entra exploit, enabling anyone to compromise any Microsoft Azure / Microsoft 365 tenancy in the world. This was due to insecure input validation on a legacy Microsoft Azure AD Graph API. Whether you're a pen tester, security researcher, or cyber security expert, I hope you'll find this attack as fascinating as I did. JOIN THE DISCORD! 👉 https://discord.gg/WYqqp7DXbm Sources: https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ https://x.com/_dirkjan 0:00 – Intro 1:38 – Attack flow 3:13 – Actor Tokens 6:15 – Impersonation Tokens 8:37 – Vulnerable API 10:11 – Attack setup 12:57 – User ID discoverability attack 15:47 – Closing MUSIC CREDITS: LEMMiNO - Cipher https://www.youtube.com/watch?v=b0q5PR1xpA0 CC BY-SA 4.0 LEMMiNO - Firecracker https://www.youtube.com/watch?v=ulfoU2MziOc CC BY-SA 4.0 LEMMiNO - Nocturnal https://www.youtube.com/watch?v=epmoV2HRs9U CC BY-SA 4.0 LEMMiNO - Siberian https://www.youtube.com/watch?v=5py6E6yo7wk CC BY-SA 4.0 LEMMiNO - Encounters https://www.youtube.com/watch?v=xdwWCl_5x2s CC BY-SA 4.0 #software #computerscience #code #hacking #cybersecurity #exploit #vulnerability #pentesting #privacy #malware #cyber #cybersecurity #backdoor #hacked #NSA #cyberattack #FBI #deanonymize #anonymous #darknet #microsoft #azure #cloud #AWS #MS365 #microsoftazure #breach #databreach #hack #security #pentesting #API #web
No Recommendations Found
No products were found for the selected channel.