Fact Based Post Exploitation - Office365 Edition
The adrenaline rush known as “Initial access” is only the first step in navigating the long and complex path toward goal domination. As a modern red-team operator, how does one effectively research, map, and understand a client’s Office365 environment, before deploying bleeding edge post-exploitation activities?
In this talk, I will discuss the specific challenges and techniques of conducting a successful post-exploitation attack on an Office365 environment. The presentation will focus on the importance of gathering and utilizing information about the client, including third-party service reconnaissance, SSO abuse, data exfiltration, vertical movement onto workstation, and post-exploitation social engineering. This talk is geared towards experienced red-team operators, looking to improve their skills and methodology in navigating the complex landscape of Office365 environments and executing successful attacks.