This research explores the vulnerabilities within Microsoft Azure Active Directory’s Pass-Through Authentication (PTA) mechanism, focusing on the credential validation process. By analyzing PTA’s architecture and operation, the study identifies specific weaknesses that could be exploited by attackers to bypass authentication and gain unauthorized access to cloud environments. The research provides a detailed examination of these vulnerabilities, supported by practical examples and potential attack scenarios, offering insights into improving the security of Azure AD deployments.
Talk
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
March 13, 14:30 (CLOUD)
Speaker
Ilan Kalendarov
Ilan Kalendarov is a security researcher at Cymulate focused primarily on Windows research. Previously he worked as a red teamer for the Israel Defense Forces. Ilan is passionate about defense evasion tactics and how Windows internals work.
Elad Beber
A cybersecurity expert who specializes in cloud environments and low-level reverse engineering. He holds a B.Sc degree in Computer Science. Elad is also a member of the CamelRiders CTF team.
