August 26
Microsoft cloud authentication tokens—there are no more secrets
Track 1
The lecture is about authentication and authorization in Microsoft Office 365. You will learn how the office applications such as Outlook, OneDrive, Teams, Word, Excel, and the Windows operating system as such are authorized on cloud servers. Specifically, where and how they store their access tokens, what DPAPI (Data Protection API), PRT (Primary Refresh Token), TPM (Trusted Platform Module) have to do with this, and how all of this magic can be used in red team operations.