Session will explore a hidden permission that enabled bad actors to add or remove global administrators in Entra ID (Azure AD) via privilege escalation; research will also be highlighted at Arsenal alongside demonstration of Silver SAML Forger
HOBOKEN, N.J. — July 25, 2024 — Semperis, a pioneer in identity-driven cyber resilience, today announced that its Senior Security Researcher Eric Woodruff will be presenting a talk at Black Hat USA 2024 titled “UnOAuthorized: A Technique to Privilege Escalation to Global Administrator.”
What: UnOAuthorized: A Technique to Privilege Escalation to Global Administrator
When: Wednesday, August 7, 4:20 pm PT
Where: Black Hat Conference, Mandalay Bay Convention Center, Islander FG, Level 0
Who: Eric Woodruff, Speaker, Senior Security Researcher, Semperis
Why: Today, many organizations use Microsoft Entra ID (Azure AD) as the identity management and authorization engine for their line-of-business applications. By compromising Entra ID, attackers can gain unauthorized access to a wide range of resources and data, escalate privileges, and potentially control entire IT environments – making it a high-value target in ransomware attacks.
“I look forward to sharing our groundbreaking research on privilege escalation techniques,” said Woodruff. “Black Hat provides a unique stage to discuss the latest security challenges and solutions, making it an ideal venue for unveiling new techniques and fostering collaboration for stronger organizational resiliency among the cybersecurity community. This demonstration will allow attendees to understand how hackers could exploit this novel technique, enabling threat actors to add or remove global administrators in Entra ID. While maintaining control of identity security controls is a complex process, it is paramount for companies to be aware of all vulnerabilities to better guard the keys to their kingdom.”
Woodruff will also be presenting at Arsenal with Semperis Security Researcher Tomer Nahum to showcase Silver SAML Forger, a tool designed to craft forged SAML authentication responses from Entra ID. The tool complements the Entra ID vulnerability research: Woodruff and Nahum will demonstrate how attackers can manipulate SAML tokens to gain unauthorized access to systems – an attack technique also known as Silver SAML and Golden SAML – and further highlight potential security flaws that can be present in cloud identity providers.
About Semperis
For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid identity environments —including Active Directory, Entra ID, and Okta— Semperis’ patented technology protects over 100 million identities from cyberattacks, data breaches, and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada, and Israel.
Semperis hosts the award-winning Hybrid Identity Protection conference and podcast series (www.hipconf.com) and built the community hybrid Active Directory cyber defender tools, Purple Knight (www.semperis.com/purple-knight) and Forest Druid. The company has received the highest level of industry accolades, recently named to Inc. Magazine’s list of best workplaces for 2023 and ranked the fastest-growing cybersecurity company in America by the Financial Times. Semperis is a Microsoft Enterprise Cloud Alliance and Co-Sell partner and is a member of the Microsoft Intelligent Security Association (MISA).
Learn more: https://www.semperis.com
Follow us: Blog / LinkedIn / X / Facebook / YouTube
Media Contact:
Bill Keeler
Senior Director, PR & Comms
Semperis
billk@semperis.com