Entra ID is as critical as Active Directory: compromising it amounts to compromising the entire company. Standard security practices include dedicated administration accounts, Privileged Identity Management (PIM), Multi-Factor Authentication (MFA) requirements, and Conditional Access Policies to protect the environment.
However, some dangers go unnoticed. In on-premises Active Directory, issues such as credential caching (dumping via tools like Mimikatz) and NTLM attacks (including NTLM relay and Net-NTLM hash cracking), among others, enable ransomware threat actors to move laterally within a matter of hours.
Entra ID, a recent and complex technology, is not exempt from these issues. As best practices continue to evolve, there is room for misconfigurations that can be just as exploitable.
In my presentation, I will explain how poor practices and misconfigurations in Enterprise Applications and GDAP can lead to an exponential supply chain attack. The session aims to shed light on these vulnerabilities and to provide insight into how they can be identified and mitigated to protect against such expansive threats.
Martin Haller
Martin Haller, co-founder of PATRON-IT (an MSSP based in the Czech Republic), is an ethical hacker and an expert in cybersecurity. He is deeply committed to understanding the attacker's mindset in order to develop effective defense strategies, focusing on identifying and reinforcing critical vulnerabilities in information security. Martin holds prestigious certifications such as OSCP (Offensive Security Certified Professional), CHFI (Computer Hacking Forensic Investigator), ECSA (EC-Council Certified Security Analyst), and MCSE (Microsoft Certified Systems Engineer).