Defending your cloud against AD FS attacks

  • Wednesday, 08 Dec 2021 10:30AM EST (08 Dec 2021 15:30 UTC)
  • Speakers: Dana Baril, Oz Soprin, Security Researcher for Microsoft Defender, Roberto Rodriguez, Principal Threat Researcher at Microsoft.

As organizations move their resources to the cloud, attackers are increasingly looking for ways to abuse Active Directory Federation Services (AD FS) in hybrid cloud environments to accomplish their objectives. Learn from world-class defenders who responded to the NOBELIUM nation-state attack that abused AD FS. In this session we’ll cover:

  • How defenders can analyze an AD FS attack once compromise is suspected
  • A walkthrough demo of common AD FS attacks, such as the forging of SAML tokens
  • Guidance on how to perform forensics and develop detections