
Eric Woodruff_UnOAuthorized: A Technique for Privilege Elevation to Global Administrator.pdf

Uploaded by: 张** ID: 175380 2024-09-13 137 pages 5.52 MB

#BHUSA BlackHatEvents

UnOAuthorized
Eric Woodruff, Senior Security Researcher, Semperis
ericonidentity | infosec.exchange | /in/ericonidentity

Unauthorized + OAuth 2.0 = UnOAuthorized
h/t to myself, AI did not help with this name

Background
Plenty of research on Entra ID app permissions and roles (a very small, non-exhaustive list):
- GitHub - secureworks/family-of-client-ids-research: Research into Undocumented Behavior of Azure AD Refresh Tokens
- Azure Redirect URI Takeover Vulnerability | Secureworks
- Everything about Service Principals, Applications, and API Permissions | Microsoft 365 Security
- Automating application permission grant while avoiding AppRoleAssignment.ReadWrite.All | by Sahil Malik | W
- Stealthy Persistence with "Directory Synchronization Accounts" Role in Entra ID | by Clément Notin, Tenable | Tenable TechBlog | Jun 2024 | Medium
- The Intersection of Graph and Entra ID: Application Permissions and Roles - Eric on Identity
- Azure AD privilege escalation - Taking over default application permissions as Application Admin - dirkjanm.io
- The Most Dangerous Entra Role You've (Probably) Never Heard Of | by Andy Robbins | Posts By SpecterOps Team Members
- How to Backdoor Azure Applications and Abuse Service Principals

OWNING THE CLOUD
DOMAIN ADMIN
GLOBAL ADMIN

Setting the stage
Application Administrator Role (Entra ID)
- Application Administrator
- Cloud Application Administrator

This document discusses privilege elevation through Microsoft applications. It explains that, with the OAuth 2.0 client credentials grant flow (CCGF), an application uses a service principal's client ID and secret to request an access token from Entra ID and then uses that access token to call Microsoft Graph; Graph validates the access token and returns the requested data. The document also lists the Microsoft applications that support the OAuth 2.0 CCGF and notes that applications such as Device Registration Service, Viva Engage (Yammer) and Microsoft Rights Management Services carry a privilege elevation risk. Finally, it recommends that organizations review audit log data and service principals for suspicious credentials and activity in order to prevent privilege elevation.
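The flow described above, as an added example that is not part of the talk or the slides: the CCGF token request a service principal (or an attacker who has added a secret to one) sends to Entra ID, the Graph call that follows, a look at the `roles` claim that carries an app-only token's permissions, and the audit-log check the summary recommends. Nothing is sent on the network. The record field names follow the Microsoft Graph `directoryAudit` resource, the audit records and the token are constructed for the demo, and the display names on the watchlist are taken from the summary (the "Yammer" alias is an assumption about how the Viva Engage service principal may still be named in a tenant).

```python
"""Added example (not from the talk or slides): OAuth 2.0 client credentials
grant against Entra ID, token inspection, and an audit-log check.
All sample data below is constructed; none of it comes from a real tenant."""
import base64
import json
from urllib.parse import urlencode

# Entra ID v2.0 token endpoint and the app-only scope for Microsoft Graph.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> dict:
    """CCGF token request (RFC 6749 section 4.4) as Entra ID expects it.
    Only the service principal's client ID and a credential are needed: no user
    signs in, so user MFA and user-scoped Conditional Access never apply. That is
    why a credential added to a first-party app is enough to act as that app."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }
    return {"method": "POST",
            "url": TOKEN_ENDPOINT.format(tenant=tenant_id),
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}


def build_graph_request(access_token: str, path: str) -> dict:
    """The follow-up call: Graph validates the bearer token and serves whatever
    the token's claims allow, regardless of who holds the credential."""
    return {"method": "GET",
            "url": "https://graph.microsoft.com/v1.0" + path,
            "headers": {"Authorization": "Bearer " + access_token}}


def app_roles_in_token(jwt: str) -> list[str]:
    """App-only Graph tokens list their application permissions in the `roles`
    claim. Payload is decoded for inspection only; no signature verification."""
    payload_b64 = jwt.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    return sorted(json.loads(base64.urlsafe_b64decode(payload_b64)).get("roles", []))


# Credential-management activity names as shown in the Entra audit log
# (Core Directory category); verify the exact strings against your tenant.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application – Certificates and secrets management",
}
# First-party apps the summary names as elevation paths ("Yammer" = assumption).
FIRST_PARTY_WATCHLIST = {"Device Registration Service", "Viva Engage", "Yammer",
                         "Microsoft Rights Management Services"}


def suspicious_credential_events(records: list[dict],
                                 watchlist: set[str] = FIRST_PARTY_WATCHLIST) -> list[dict]:
    """Return credential additions whose target is a watched first-party
    service principal: who did it, to what, which activity, and when."""
    hits = []
    for rec in records:
        if rec.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        actor = rec.get("initiatedBy", {})
        who = ((actor.get("user") or {}).get("userPrincipalName")
               or (actor.get("app") or {}).get("displayName", "unknown"))
        for target in rec.get("targetResources", []):
            if target.get("displayName") in watchlist:
                hits.append({"initiator": who, "target": target["displayName"],
                             "activity": rec["activityDisplayName"],
                             "time": rec.get("activityDateTime")})
    return hits


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


# Constructed unsigned token standing in for an app-only Graph access token.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"aud": "https://graph.microsoft.com",
             "roles": ["RoleManagement.ReadWrite.Directory", "Directory.ReadWrite.All"]}),
    "signature-omitted",
])

# Constructed audit records: one hit, one unwatched target, one unrelated activity.
SAMPLE_AUDIT_RECORDS = [
    {"activityDateTime": "2024-08-01T10:15:00Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "appadmin@contoso.example"}},
     "targetResources": [{"displayName": "Device Registration Service"}]},
    {"activityDateTime": "2024-08-01T10:20:00Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "dev@contoso.example"}},
     "targetResources": [{"displayName": "Contoso LOB App"}]},
    {"activityDateTime": "2024-08-01T10:25:00Z",
     "activityDisplayName": "Add user",
     "initiatedBy": {"user": {"userPrincipalName": "hr@contoso.example"}},
     "targetResources": [{"displayName": "Device Registration Service"}]},
]
```

Run `suspicious_credential_events(SAMPLE_AUDIT_RECORDS)` to see the single flagged event (the credential added to Device Registration Service by appadmin@contoso.example); in a real tenant the records come from the `auditLogs/directoryAudits` Graph endpoint or the Entra audit log export. The token functions show why the flagged event matters: with that credential, `build_token_request` needs no user at all, and `app_roles_in_token` on the resulting token shows the first-party app's permissions now available to the credential holder.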
How is privilege elevation achieved through Microsoft applications? Why are Microsoft applications susceptible to privilege elevation attacks? How can privilege elevation attacks through Microsoft applications be defended against?