Explore a 30-minute conference talk from the Chaos Communication Congress (38C3) that reveals a fascinating security research journey sparked by a simple request to automate phishing simulations in Microsoft 365. Follow along as the speaker uncovers multiple vulnerabilities in Microsoft's Attack Simulation platform, leading to several bug bounty rewards. Learn how the investigation deepened when attempting to build a custom phishing simulation tool, exposing concerning practices in Microsoft's support operations, which were outsourced to a Chinese company that requested access tokens. Discover how manipulating parameters in the Security & Compliance center led to the ability to hijack remote PowerShell sessions, potentially compromising data across multiple Microsoft 365 tenants. Gain insights into the complex security implications of enterprise software systems and the unexpected vulnerabilities that can emerge from seemingly routine tasks.