UnOAuthorized Privilege Escalation
For customers of Microsoft 365 and Azure, obtaining the role of Global Administrator—the Domain Administrator of the cloud—is every attacker’s dream. This makes the prospect of a threat group or hacker gaining access to the Global Administrator role every organization’s nightmare. Fortunately, well-defined role-based access control and a strict application consent model can severely limit who can get fingers on Global Administrator—or do they?
This session explores a novel technique that resulted in privilege escalation to Global Administrator, among other nefarious privileged actions, in Entra ID. The research that resulted in the technique provides interesting twists, such as an exploration of Microsoft first-party applications and their Microsoft Graph application permissions and the discovery of a path to Global Administrator hiding where least expected.
Part conversation about the research background, part exploration of application permissions in Entra ID, this session will walk you step by step through the path to privilege escalation. And although Microsoft has resolved the underlying vulnerability, we will cover the markers that organizations can look for to determine whether they were vulnerable to this abuse.
Slide Deck: https://www.semperis.com/wp-content/uploads/resources-pdfs/hipconf-2024/unoauthorized.pdf