Extracting the Attacker: Getting the Bad Guys off Your SaaS presented at BSidesPhiladelphia 2019

by David Branscome

Summary: The Microsoft Office 365 suite contains many applications that can help organizations do some amazing things. But every once in a while, a user in your organization will click on a link in an email, open a file or visit a malicious website, and their account will get compromised by an attacker. You can (and should) reset the user password, but is that enough? As you've probably guessed, if that was all you needed to do, this would be a VERY short session. The truth is, regaining control of a user account takes a little more effort to ensure the attacker isn't just temporarily inconvenienced. In this session I will show you the steps to extract attackers from your SaaS, how attackers could potentially retain access and how to remove it, as well as proactive steps to keep these events to a minimum. I can almost guarantee I'll show you some attack methods you haven't thought of before!