Attacking with Automation: How Office 365 automation provides another new risk to the cloud

DerbyCon 9.0 - Finish Line

Presented by: Trent Lo (Surbo)
Date: Saturday September 07, 2019
Time: 17:00 - 17:45
Location: Track 1

Office 365 is already an integral process of everyday business that empowers corporations the flexibility to get the job done faster and more efficiently. But what happens when, those same processes turn on you, and bypass protections that were meant to mitigate risks, and become undocumented features?This talk will begin by showing how to exfiltrate inbox data over an infinite amount of time without the use of Exchange Rules, PowerShell or Physical Access to the victim machine all while being resilient to password changes. Finally I'll demonstrate how to issue command and control commands through innocuous looking emails to perform actions within the Office 365 Environment where I can interact with an on premise host and bypass security controls such as DLP, AV and Firewall.

Trent Lo

Trent Lo is a seasoned and well regarded speaker with over 15 years of security research, Incident Response and protecting large scale infrastructure from advanced cyber threat actors. Trent’s technical expertise and understanding of the inherent risks corporations face today has given him a unique ability to build strong cyber defenses to proactively and predictively detect and disrupt cyber threats.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats