Whatever your need as a hacker post-compromise, Microsoft Copilot has got you covered. Covertly search for sensitive data and parse it nicely for your use. Exfiltrate it without generating logs. Most frightening, Microsoft Copilot will help you phish to move laterally. Heck, it will even social engineer victims for you!
This talk is a comprehensive analysis of Microsoft Copilot taken to red-team-level practicality. We will show how Copilot plugins can be used to install a backdoor into other users’ Copilot interactions, allowing for data theft as a starter and AI-based social engineering as the main course. We’ll show how hackers can circumvent built-in security controls which focus on files and data by using AI against them.
Next, we will drop LOLCopilot, a red-teaming tool for abusing Microsoft Copilot as an ethical hacker to do all of the above. The tool works with default configuration in any M365 Copilot-enabled tenant.
Finally, we will recommend detection and hardening you can put in place to protect against malicious insiders and threat actors with Copilot access.
Inbar Raz
Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 and Reverse Engineering at the age of 14. He spent most of his career in the Internet and Data Security field, and the only reason he's not in jail right now is because he chose the right side of the law at an early age.
Inbar specializes in an outside-the-box approach to analyzing security and finding vulnerabilities, using his extensive experience of close to 30 years. Nowadays, Inbar is the VP of Research at Zenity, the leading platform for securing Business-led Development with Enterprise Copilots and Low-Code/No-Code development.
mbg
Michael Bargury is a hacker, builder and cybersecurity practitioner. He has contributed to revealing novel attack vectors and establishing countermeasures through security standards in cloud, application security, and AI. He is the co-founder and CTO of Zenity, an application security company focused on business enablement in the large enterprise. He leads the OWASP LCNC Top 10 project, writes a column on DarkReading, and regularly delivers research, tools and talks at top conferences including BHUSA, DEF CON, OWASP and t2.