I'm_in_your_cloud_v4_FINAL.pdf - hacking everyone's cloud

In 2019 I gave my first public conference talk here at TROOPERS, titled “I’m in your cloud”, covering hybrid Active Directory and Azure AD environments. Little did I know that this would be the start of a much bigger research project that covered many more aspects of Azure AD, or Entra ID as it is called these days. Eventually this analysis of hybrid AD/Entra ID led to the discovery of Actor Tokens, and with that the only CVSS 10.0 CVE ever issued for the identity system of a major cloud provider.

In this talk I will go through the history of hybrid AD/Entra ID vulnerabilities that were there since my first talk at TROOPERS and how this led to the discovery of this critical flaw. Of course we will also cover the technicalities and how the “I’m in your cloud” series concluded with being able to take over everyone’s (Microsoft) cloud.