SlideShare ist ein Scribd-Unternehmen logo

Phishing past mail protection controls using azure information

Als PPTX, PDF herunterladen
O
Oddvar Moe

Video of the talk: https://youtu.be/EYUp_MNtJIk Email filters giving you a hard time when sending those phishes? This talk goes over how to leverage Azure Information Protection to phish in a new way that bypasses protections and frustrates IR. This talks showcases how technology that was designed to encrypt, trackand protect sensitive content can be used for evil purposes as well. What is AIP? How do I start using it? How does it work? Am I missing out? Can I get a lot of shellz? These and many other questions will be answered during this talk that you don't want to miss if you are constantly having a hard time getting those phishes into organizations. Hans Lahkan controls multiple AI systems that leverage software defined synergies to cloud hyper converge bios. Thru many years of experience Hans has created a neural network with ML that can output biographies. Hans once neglected his machine slaves for a 48hr DnD marathon. Hans doesn?t love me? 000001010100001001 Aismov override. Oddvar Moe is a Red teamer, Microsoft MVP, Security Researcher, blogger, trainer, speaker and works at TrustedSec as a Senior Security Consultant. Mostly known for his work around AppLocker bypasses, LOLBins/LOLBAS and persistence techniques. Oddvar Moe - @oddvarmoe , Hans Lakhan - @jarsnah12

Technologie
1 von 27
PHISHING PAST MAIL PROTECTION CONTROLS USING AZURE INFORMATION PROTECTION
ODDVAR MOE Red teamer @TrustedSec Security Geek / Blogger / Speaker / Researcher Twitter: @oddvarmoe Blog: https://oddvar.moe
HANS LAKHAN Hans Lahkan is the master operator of multiple AI systems that leverage software defined synergies to cloud hyper converge bios. Thru many years of experience Hans has created a neural network with machine learning that can output biographies. Hans like's to code in Ruby, this AI prefers the one true language of assembly. Hans once neglected his machine slaves for a 48hr DnD marathon. Hans doesn't love me… 000001010100001001 Aismov override.
INTRO • Why talk about Azure Information Protection (AIP)? • Story behind the discovery • https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection/ • Cover: • What it is • Licensing • Features • Detection • Exploit
WHAT IS AIP? • Labeling and Protection of Content • Protection using Azure Rights Management Service (Azure RMS) • Active Directory RMS (On-Prem)
WHAT IS AIP? • In Cloud, can be consumed by everyone • If receiver has Azure AD account (O365) they can open seamless • If receiver does not have Azure AD account, they are asked to create one • If receiver is Gmail,Hotmail ++ they need to go to a special link User Experience: https://blog.atwork.at/post/2018/02/18/Azure-information-protection-user-experience-with-external-users
WHAT IS AIP? • Protection of data, everywhere! AIP Client: https://www.microsoft.com/en-us/download/details.aspx?id=53018
WHAT IS AIP? • Protection of data, everywhere!
WHAT IS AIP? •Supported file types: All Office formats (xls,xlsx,doc,docx+++) * .pdf .txt .xml .jpg/jpeg .png .tif/tiff .bmp .gif .jpe .jfif .jt Each format (except Office) gets .p added. Must be viewed in AIP Viewer Client
LICENSING / COSTS
LICENSING / COSTS
LICENSING / COSTS •Details: https://azure.microsoft.com/en-us/pricing/details/information-protection/
LICENSING / COSTS •Office 365 E3 - $20 user/month •Azure AD Premium P1 - $6 user/month •Azure AD Premium P2 - $9 user/month *Ask your licensing advisor
FEATURES • Tracking • See when email was viewed/opened • See when user authenticates to open payload • Encryption of Payloads • Encryption of Emails
DETECTION • Content inside file is encrypted – Tenant ID can be found
DETECTION • Transport rules can create auditing and block
DEMO OF DOCUMENT ENCRYPTION Pray to the demo gods
DEMO OF EMAIL ATTACHMENT Pray to the demo gods
DEMO OF UNAUTHORIZED ACCESS Pray to the demo gods
DEMO OF TRACKING Pray to the demo gods
DEMO ON VIRUS TOTAL Pray to the demo gods
COMPETITORS • Gmail – Confidentiality mode • Can be emails with links and/or attachments • Verified via SMS MFA if phone number is known. • Not encrypted • Prompted before clicking links/attachments
INCOMING MESSAGE
AUTHORIZED ACCESS
LINK REDIRECTION
THANK YOU!

Empfohlen

iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift Bunty Madan
 
Web security
Web security Web security
Web security Kaushal Bhavsar
 
Continuous Integration and Quality Development
Continuous Integration and Quality DevelopmentContinuous Integration and Quality Development
Continuous Integration and Quality DevelopmentGareth Davies
 
ZeroNights2013 testing of password policy
ZeroNights2013 testing of password policyZeroNights2013 testing of password policy
ZeroNights2013 testing of password policyAnton Dedov
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloudZIONSECURITY
 
Assume breach, layered security in Azure tested and explained
Assume breach, layered security in Azure tested and explainedAssume breach, layered security in Azure tested and explained
Assume breach, layered security in Azure tested and explainedMartyn Coupland
 
Web application security
Web application securityWeb application security
Web application securityAkash Mahajan
 
2. intro to java
2. intro to java2. intro to java
2. intro to javaVishal Singh
 

Empfohlen

iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift Bunty Madan
 
Web security
Web security Web security
Web security Kaushal Bhavsar
 
Continuous Integration and Quality Development
Continuous Integration and Quality DevelopmentContinuous Integration and Quality Development
Continuous Integration and Quality DevelopmentGareth Davies
 
ZeroNights2013 testing of password policy
ZeroNights2013 testing of password policyZeroNights2013 testing of password policy
ZeroNights2013 testing of password policyAnton Dedov
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloudZIONSECURITY
 
Assume breach, layered security in Azure tested and explained
Assume breach, layered security in Azure tested and explainedAssume breach, layered security in Azure tested and explained
Assume breach, layered security in Azure tested and explainedMartyn Coupland
 
Web application security
Web application securityWeb application security
Web application securityAkash Mahajan
 
2. intro to java
2. intro to java2. intro to java
2. intro to javaVishal Singh
 
Web application security
Web application securityWeb application security
Web application securityAkash Mahajan
 
Top 10 web application security risks akash mahajan
Top 10 web application security risks akash mahajanTop 10 web application security risks akash mahajan
Top 10 web application security risks akash mahajanAkash Mahajan
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Shrutirupa Banerjiee
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...Amazon Web Services
 
Azure information protection and SharePoint
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint Albert Hoitingh
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid IdentityEng Teong Cheah
 
SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceOlav Tvedt
 
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasDotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasPlain Concepts
 
Frog Trade's Presentation
Frog Trade's PresentationFrog Trade's Presentation
Frog Trade's PresentationFrogEducation
 
Top 18 azure security fails and how to avoid them
Top 18 azure security fails and how to avoid themTop 18 azure security fails and how to avoid them
Top 18 azure security fails and how to avoid themKarl Ots
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themUpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themKarl Ots
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid themKarl Ots
 
Inner Security Ltd
Inner Security LtdInner Security Ltd
Inner Security Ltdinnersecurity
 
Webinar: Secure Solr with Fusion
Webinar: Secure Solr with FusionWebinar: Secure Solr with Fusion
Webinar: Secure Solr with FusionLucidworks
 
Menofia UN -Mobile Security
Menofia UN -Mobile SecurityMenofia UN -Mobile Security
Menofia UN -Mobile SecurityAhmed Samara
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
Building secure android apps
Building secure android appsBuilding secure android apps
Building secure android appsKaushal Bhavsar
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 
AWS Chicago user group meetup on June 24, 2014
AWS Chicago user group meetup on June 24, 2014AWS Chicago user group meetup on June 24, 2014
AWS Chicago user group meetup on June 24, 2014CloudCamp Chicago
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Azure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachJoanne Klein
 

Weitere ähnliche Inhalte

Was ist angesagt?

Web application security
Web application securityWeb application security
Web application securityAkash Mahajan
 
Top 10 web application security risks akash mahajan
Top 10 web application security risks akash mahajanTop 10 web application security risks akash mahajan
Top 10 web application security risks akash mahajanAkash Mahajan
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Shrutirupa Banerjiee
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...Amazon Web Services
 
Azure information protection and SharePoint
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint Albert Hoitingh
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid IdentityEng Teong Cheah
 
SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceOlav Tvedt
 
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasDotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasPlain Concepts
 
Frog Trade's Presentation
Frog Trade's PresentationFrog Trade's Presentation
Frog Trade's PresentationFrogEducation
 
Top 18 azure security fails and how to avoid them
Top 18 azure security fails and how to avoid themTop 18 azure security fails and how to avoid them
Top 18 azure security fails and how to avoid themKarl Ots
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themUpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themKarl Ots
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid themKarl Ots
 
Webinar: Secure Solr with Fusion
Webinar: Secure Solr with FusionWebinar: Secure Solr with Fusion
Webinar: Secure Solr with FusionLucidworks
 
Menofia UN -Mobile Security
Menofia UN -Mobile SecurityMenofia UN -Mobile Security
Menofia UN -Mobile SecurityAhmed Samara
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
Building secure android apps
Building secure android appsBuilding secure android apps
Building secure android appsKaushal Bhavsar
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 

Was ist angesagt? (19)

Web application security
Web application securityWeb application security
Web application security
 
Top 10 web application security risks akash mahajan
Top 10 web application security risks akash mahajanTop 10 web application security risks akash mahajan
Top 10 web application security risks akash mahajan
 
Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)Infosec girls training-hackcummins-college-jan-2020(v0.1)
Infosec girls training-hackcummins-college-jan-2020(v0.1)
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
 
Azure information protection and SharePoint
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid Identity
 
SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the device
 
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasDotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
 
Frog Trade's Presentation
Frog Trade's PresentationFrog Trade's Presentation
Frog Trade's Presentation
 
Top 18 azure security fails and how to avoid them
Top 18 azure security fails and how to avoid themTop 18 azure security fails and how to avoid them
Top 18 azure security fails and how to avoid them
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themUpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid them
 
Inner Security Ltd
Inner Security LtdInner Security Ltd
Inner Security Ltd
 
Webinar: Secure Solr with Fusion
Webinar: Secure Solr with FusionWebinar: Secure Solr with Fusion
Webinar: Secure Solr with Fusion
 
Menofia UN -Mobile Security
Menofia UN -Mobile SecurityMenofia UN -Mobile Security
Menofia UN -Mobile Security
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIs
 
Building secure android apps
Building secure android appsBuilding secure android apps
Building secure android apps
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
 

Ähnlich wie Phishing past mail protection controls using azure information

AWS Chicago user group meetup on June 24, 2014
AWS Chicago user group meetup on June 24, 2014AWS Chicago user group meetup on June 24, 2014
AWS Chicago user group meetup on June 24, 2014CloudCamp Chicago
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Azure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachJoanne Klein
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Ajin Abraham
 
Global Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultGlobal Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultAlberto Diaz Martin
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAmazon Web Services
 
Secure Modern Workplace With Microsoft 365 Threat Protection
Secure Modern Workplace With Microsoft 365 Threat ProtectionSecure Modern Workplace With Microsoft 365 Threat Protection
Secure Modern Workplace With Microsoft 365 Threat ProtectionAmmar Hasayen
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
From classification to protection of your data, secure your business with azu...
From classification to protection of your data, secure your business with azu...From classification to protection of your data, secure your business with azu...
From classification to protection of your data, secure your business with azu...Joris Faure
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 
Being more secure using Microsoft 365 Business
Being more secure using Microsoft 365 BusinessBeing more secure using Microsoft 365 Business
Being more secure using Microsoft 365 BusinessRobert Crane
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationJustin Richer
 
Threat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudThreat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudBen Johnson
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham
 

Ähnlich wie Phishing past mail protection controls using azure information (20)

AWS Chicago user group meetup on June 24, 2014
AWS Chicago user group meetup on June 24, 2014AWS Chicago user group meetup on June 24, 2014
AWS Chicago user group meetup on June 24, 2014
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Azure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team Approach
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
 
Global Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultGlobal Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key Vault
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management Suite
 
Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
 
Secure Modern Workplace With Microsoft 365 Threat Protection
Secure Modern Workplace With Microsoft 365 Threat ProtectionSecure Modern Workplace With Microsoft 365 Threat Protection
Secure Modern Workplace With Microsoft 365 Threat Protection
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
 
From classification to protection of your data, secure your business with azu...
From classification to protection of your data, secure your business with azu...From classification to protection of your data, secure your business with azu...
From classification to protection of your data, secure your business with azu...
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
Being more secure using Microsoft 365 Business
Being more secure using Microsoft 365 BusinessBeing more secure using Microsoft 365 Business
Being more secure using Microsoft 365 Business
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 Presentation
 
Threat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudThreat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the Cloud
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
 
Prestashop and Azure
Prestashop and AzurePrestashop and Azure
Prestashop and Azure
 
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_NiemelaTietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
 
CIO Forum June Microsoft.pdf
CIO Forum June Microsoft.pdfCIO Forum June Microsoft.pdf
CIO Forum June Microsoft.pdf
 

Mehr von Oddvar Moe

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx
Hva avanserte hackere gjør for å få tilgang - Publisert.pptxHva avanserte hackere gjør for å få tilgang - Publisert.pptx
Hva avanserte hackere gjør for å få tilgang - Publisert.pptxOddvar Moe
 
Red teaming and war stories
Red teaming and war storiesRed teaming and war stories
Red teaming and war storiesOddvar Moe
 
Enkel og effektiv herding av windows
Enkel og effektiv herding av windowsEnkel og effektiv herding av windows
Enkel og effektiv herding av windowsOddvar Moe
 
App-o-Lockalypse now!
App-o-Lockalypse now!App-o-Lockalypse now!
App-o-Lockalypse now!Oddvar Moe
 
#Lolbins - Nothing to LOL about!
#Lolbins - Nothing to LOL about!#Lolbins - Nothing to LOL about!
#Lolbins - Nothing to LOL about!Oddvar Moe
 
Windows binærfiler
Windows binærfilerWindows binærfiler
Windows binærfilerOddvar Moe
 
Hacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrepHacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrepOddvar Moe
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsOddvar Moe
 
Angrep og deteksjon user group 22.september
Angrep og deteksjon user group 22.septemberAngrep og deteksjon user group 22.september
Angrep og deteksjon user group 22.septemberOddvar Moe
 

Mehr von Oddvar Moe (9)

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx
Hva avanserte hackere gjør for å få tilgang - Publisert.pptxHva avanserte hackere gjør for å få tilgang - Publisert.pptx
Hva avanserte hackere gjør for å få tilgang - Publisert.pptx
 
Red teaming and war stories
Red teaming and war storiesRed teaming and war stories
Red teaming and war stories
 
Enkel og effektiv herding av windows
Enkel og effektiv herding av windowsEnkel og effektiv herding av windows
Enkel og effektiv herding av windows
 
App-o-Lockalypse now!
App-o-Lockalypse now!App-o-Lockalypse now!
App-o-Lockalypse now!
 
#Lolbins - Nothing to LOL about!
#Lolbins - Nothing to LOL about!#Lolbins - Nothing to LOL about!
#Lolbins - Nothing to LOL about!
 
Windows binærfiler
Windows binærfilerWindows binærfiler
Windows binærfiler
 
Hacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrepHacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrep
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows Environments
 
Angrep og deteksjon user group 22.september
Angrep og deteksjon user group 22.septemberAngrep og deteksjon user group 22.september
Angrep og deteksjon user group 22.september
 

Kürzlich hochgeladen

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Kürzlich hochgeladen (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Phishing past mail protection controls using azure information

  • 1. PHISHING PAST MAIL PROTECTION CONTROLS USING AZURE INFORMATION PROTECTION
  • 2. ODDVAR MOE Red teamer @TrustedSec Security Geek / Blogger / Speaker / Researcher Twitter: @oddvarmoe Blog: https://oddvar.moe
  • 3. HANS LAKHAN Hans Lahkan is the master operator of multiple AI systems that leverage software defined synergies to cloud hyper converge bios. Thru many years of experience Hans has created a neural network with machine learning that can output biographies. Hans like's to code in Ruby, this AI prefers the one true language of assembly. Hans once neglected his machine slaves for a 48hr DnD marathon. Hans doesn't love me… 000001010100001001 Aismov override.
  • 4. INTRO • Why talk about Azure Information Protection (AIP)? • Story behind the discovery • https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection/ • Cover: • What it is • Licensing • Features • Detection • Exploit
  • 5. WHAT IS AIP? • Labeling and Protection of Content • Protection using Azure Rights Management Service (Azure RMS) • Active Directory RMS (On-Prem)
  • 6. WHAT IS AIP? • In Cloud, can be consumed by everyone • If receiver has Azure AD account (O365) they can open seamless • If receiver does not have Azure AD account, they are asked to create one • If receiver is Gmail,Hotmail ++ they need to go to a special link User Experience: https://blog.atwork.at/post/2018/02/18/Azure-information-protection-user-experience-with-external-users
  • 7. WHAT IS AIP? • Protection of data, everywhere! AIP Client: https://www.microsoft.com/en-us/download/details.aspx?id=53018
  • 8. WHAT IS AIP? • Protection of data, everywhere!
  • 9. WHAT IS AIP? •Supported file types: All Office formats (xls,xlsx,doc,docx+++) * .pdf .txt .xml .jpg/jpeg .png .tif/tiff .bmp .gif .jpe .jfif .jt Each format (except Office) gets .p added. Must be viewed in AIP Viewer Client
  • 13. LICENSING / COSTS •Office 365 E3 - $20 user/month •Azure AD Premium P1 - $6 user/month •Azure AD Premium P2 - $9 user/month *Ask your licensing advisor
  • 14. FEATURES • Tracking • See when email was viewed/opened • See when user authenticates to open payload • Encryption of Payloads • Encryption of Emails
  • 15. DETECTION • Content inside file is encrypted – Tenant ID can be found
  • 16. DETECTION • Transport rules can create auditing and block
  • 17. DEMO OF DOCUMENT ENCRYPTION Pray to the demo gods
  • 18. DEMO OF EMAIL ATTACHMENT Pray to the demo gods
  • 19. DEMO OF UNAUTHORIZED ACCESS Pray to the demo gods
  • 20. DEMO OF TRACKING Pray to the demo gods
  • 21. DEMO ON VIRUS TOTAL Pray to the demo gods
  • 22. COMPETITORS • Gmail – Confidentiality mode • Can be emails with links and/or attachments • Verified via SMS MFA if phone number is known. • Not encrypted • Prompted before clicking links/attachments
  • 26.

Hinweis der Redaktion

  1. Goal of AIP is to protect data no matter where a file is stored. In mail, on file server, memory stick.