Deep-dive to Entra ID Token Theft Protection - Nestori Syynimaa - Ekoparty 2025
Token Theft attacks have risen during the past few years as organisations have moved to stronger authentication methods. Entra ID has built-in protections to mitigate these attacks. This session will cover how to use these protections and technical details of how they work under the hood.

Although 99 % of identity attacks are still password-related, organisations are moving to using stronger authentication methods, making these attacks obsolete. In recent years, we have witnessed a rising number of Token Theft attacks. As tokens are issued after successful login, attackers can use them to impersonate users without a need to care about the authentication methods used. The two most often used Token Theft techniques are Adversary-in-the-Middle (AitM) attacks and malware on the endpoint. The former can be performed remotely (e.g., via phishing), whereas the latter requires access to the victim’s endpoint (much harder).

In this demo-packed session, I will cover various Entra ID built-in Token Theft protection techniques, such as Token Protection and Continuous Access Evaluation (CAE). These techniques are not silver bullets though, so I will share the technical details of how they work under the hood. I will show what they really protect against, but also how threat actors can leverage them in specific scenarios. After the session, you will know the technical details of Entra ID Token Theft protection features, how to use them, how threat actors may leverage them, and how to detect this.

Speaker: Nestori Syynimaa, Principal Identity Security Researcher @ Microsoft

Dr Nestori Syynimaa is a Principal Identity Security Researcher at Microsoft Threat Intelligence Center. He has over a decade of experience with the security of Microsoft cloud services and is known as the creator of the AADInternals toolkit. Before joining Microsoft in early 2024, Dr Syynimaa worked as a researcher, CIO, consultant, trainer, and university lecturer for over 20 years.
Dr Syynimaa has spoken in many international scientific and professional conferences, including IEEE TrustCom, TROOPERS, BSides, Black Hat USA, Europe, and Asia, Def Con, and RSA Conference.


