Azure AD offers multiple authentication methods, depending on tenant and user configuration. While enforcing these methods can enhance security, they also introduce new attack vectors that adversaries can exploit through carefully crafted social engineering techniques.
The talk walks through the complete lifecycle of a new attack vector: discovering vulnerable users via unauthenticated enumeration, then turning reconnaissance into successful account compromises.
Tested during four Red Team engagements, this method successfully compromised at least one account each time.
Attendees will gain insights into both the offensive techniques and the defensive measures organizations should implement to detect and prevent these authentication-based attacks.
