Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore how to create custom Identity Provider implementations in Entra ID (formerly Azure AD) to bypass Multi-Factor Authentication and establish persistence in this 46-minute conference talk. Learn about the OpenID Connect protocol vulnerabilities in Entra ID features like Federated Credentials, External Authentication Methods, and Custom Controls that allow external providers to perform authentication or control MFA. Discover techniques for adding authentication backdoors to existing MFA providers and bypassing security controls without requiring custom platforms. Examine various vulnerabilities encountered during security research that enable attackers to maintain persistence and circumvent authentication mechanisms. Get hands-on insights into using the updated roadoidc tool from ROADtools to perform these attacks, while also understanding the defensive indicators security professionals should monitor to detect such activities in their environments.
