Extracting the Attacker: Getting the Bad Guys Off Your SaaS presented at BSidesKnoxville 2019

by David Branscome,

Summary : The Microsoft Office 365 suite contains many applications that can help organizations do some amazing things. But every once in a while, a user account will get compromised by an attacker. You can (and should) reset the user password, but is that enough? If that was all you needed to do, this would be a VERY short session. Regaining control of a user account does take a little more effort to ensure the attacker isn't just temporarily inconvenienced.How do you extract the attackers and get them off your SaaS?I'll walk you through some sneaky areas where attacker can retain access, and show you how to shut it down.I can almost guarantee I'll show you some attack methods you haven't thought of before!