Blue Team

CRTH02 Azure AD Security Testing with AADInternals

11/16/2023

8:00am - 9:15am

Level: Intermediate to Advanced

Nestori Syynimaa

Senior Principal Security Researcher

Secureworks

In the current cloud era, the focus has moved from securing physical premises to securing identities. Microsoft's cloud-based Identity and Access Management system, Azure AD, is used by over 90 per cent of private and public sector organizations globally. This makes Azure AD a tempting target for threat actors.

Keeping your identities secure requires securing your Azure AD. Threat actors have many known and unknown attack vectors to exploit. These attack vectors are commonly known as Tactics, Techniques, and Procedures (TTPs). Most of the TTPs are implemented in toolkits such as AADInternals. These toolkits allow administrators to test their Azure AD's security using the very same TTPs that threat actors use.

In this session, the creator of the AADInternals toolkit covers how to use it to test the security posture of Azure AD and Microsoft 365 environments.

You will learn:

  • Understand threat actors' Techniques, Tactics, and Procedures (TTPs)
  • How to leverage the MITRE ATT&CK® framework to plan TTP-based security testing
  • How to run TTP-based security testing using the AADInternals toolkit