Fact Based Post Exploitation - Office365 Edition

Download Slides

Watch Video

The adrenaline rush known as “Initial access” is only the first step in navigating the long and complex path toward goal domination. As a modern red-team operator, how does one effectively research, map, and understand a client’s Office365 environment, before deploying bleeding edge post-exploitation activities?

In this talk, I will discuss the specific challenges and techniques of conducting a successful post-exploitation attack on an Office365 environment. The presentation will focus on the importance of gathering and utilizing information about the client, including third-party service reconnaissance, SSO abuse, data exfiltration, vertical movement onto workstation, and post-exploitation social engineering. This talk is geared towards experienced red-team operators, looking to improve their skills and methodology in navigating the complex landscape of Office365 environments and executing successful attacks.

About the Speaker

Melvin Langvik

Melvin is an experienced security consultant with a background in software development. After completing his bachelor’s degree in computer engineering, Melvin began his career as a C# Azure developer and integrations consultant. His hands-on experience with rapidly creating and deploying critical backend infrastructure for an international client base led him to pursue his goal of transitioning into offensive security. Melvin successfully transitioned from a developer to a security consultant, now working with an amazing team of security professionals at TrustedSec. Melvin has a passion for sharing his knowledge and experience with the community, and he has contributed to the infosec community by releasing open-source and offensively targeted C# based tools and techniques, such as BetterSafetyKatz, SharpProxyLogon, AzureC2Relay, CobaltBus, and SharpCollection. He is also the creator and maintainer of the TeamFiltration project, which is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. Melvin is a passionate cybersecurity professional who brings a unique blend of software development and offensive security expertise to any project.