top of page

BSides Dublin - The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations





We have an Identity problem and not the kind you think of when you look in the mirror. Attacks have shifted from the perimeter to the endpoints and now attackers have their sights on identity. This talk explores the issues with Identity security specifically the two most popular identity systems, Active Directory & Azure AD ("Entra ID" for those who read Microsoft's press releases). These Identity security issues lead to compromise of systems that leverage the identity system for authentication/authorization.



Explored during this talk are the most common ways attackers compromise Identity systems, well-known breaches related to these issues (including the recent MGM breach), and the best ways to mitigate them. Attendees will leave this talk with a better understanding of attacker techniques to compromise Active Directory & Azure AD (Entra ID) as well as methods to best mitigate these attacks


Download Sean's slides below. No registration required. Check back here for the full video once it's available from the organizers. Enjoy!



2024-BSidesDublin-MicrosoftIdentitySecurity-Metcalf-FINAL (1)
.pdf
Download PDF • 4.13MB



386 views

Comments


bottom of page