Hackers Abuse Low-Code Platforms And Turn Them Against Their Owners

less than 1 minute read

Last year, Microsoft’s Detection and Response Team (DART) published the timeline of an attack which leveraged Power Platform, Microsoft’s low-code platform. Using live-off-the-land techniques, the attackers were able to exfiltrate sensitive corporate data and maintain complete Office 365 access for 240 days! This post presents an in-depth analysis of the attack.

Direct Link

Twitter Facebook LinkedIn

Followup links for All You Need Is Guest RSAC 2024

less than 1 minute read

Assorted links for All You Need Is Guest @ RSAC 2024:

Power Platform DLP Bypass via Copy-And-Paste

6 minute read

Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...

All You Need Is Guest

7 minute read

This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.

The Challenges of AI Security Begin With Defining It Permalink

less than 1 minute read

Security for AI is the Next Big Thing! Too bad no one knows what any of that really means.

Michael Bargury

Hackers Abuse Low-Code Platforms And Turn Them Against Their Owners

You May Also Enjoy

Followup links for All You Need Is Guest RSAC 2024

Power Platform DLP Bypass via Copy-And-Paste

All You Need Is Guest

The Challenges of AI Security Begin With Defining It Permalink