Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced Entra ID security research methodologies in this 21-minute conference talk that demonstrates how to discover new privilege escalation paths by building upon existing service principal research. Learn about the fundamentals of service principals and app registrations while examining the historical context of backdoor credentials used in nation-state attacks. Discover how security researcher Katie Knowles uncovered a vulnerable built-in service principal that could enable escalation from Application Administrator to Global Admin privileges in hybrid tenant environments. Understand the evolution of Microsoft's security controls designed to combat application backdooring and examine why these threats persist despite mitigation efforts. Gain practical insights into research methodologies that can help identify similar vulnerabilities, including specific controls for risk mitigation and actionable leads for conducting your own service principal investigations. Master the techniques for leveraging past research findings to uncover new attack vectors and privilege escalation opportunities within Microsoft's identity infrastructure.
