Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud

Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
Sean Metcalf (Trimarc) & Mark Morowczynski (Principal Program Manager, Microsoft)

The allure of the “Cloud” is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and resources. The Cloud is a new paradigm and the rapid update pace makes it difficult to keep up, especially when it comes to security.

This presentation focuses on the Microsoft Cloud (Office 365 & Azure AD) and explores the most common attacks against the Cloud and describes effective defenses and mitigation. While the content is focused on the Microsoft Cloud, some of the attack and defense topics are applicable to other cloud providers and are noted where applicable.

Key items covered:
Attacks against the Cloud
Account compromise and token theft
Methods to detect attack activity
Cloud identity firewall
Securing cloud infrastructure against attacks
Secure cloud administration

Slides (PDF)

(Visited 13,400 times, 1 visits today)