In this talk, we will explore what a guest user is under the hood, and in which scenarios it may be abused. We will introduce a new technique for abusing guest users across tenants, and look at scenarios where that technique could be catastrophic to the security of an organization.
To show how to exploit these scenarios, we will introduce a new Azure pentesting tool that can be used to help test and exploit both guest users and the rest of the Azure and Entra ID ecosystem.
Guest users in Entra ID are heavily used for business-to-business collaboration, and administration of cloud resources by partners. However, they have a dark side that is anchored deep within the implementation of guest users in Entra ID.
This session will be held by Cody Burkard. Cody has a background in Azure testing and application security testing in cloud environments. Cody's research interest is in novel offensive security techniques against cloud environments, and in how to build resilient architectures to protect against them. Cody Burkard is a partner and principal security architect in O3 Cyber.
Want to check if your cloud is secure? Then do not miss this session!