Show simple item record

dc.contributor.authorSyynimaa, Nestori
dc.contributor.editorFilipe, Joaquim
dc.contributor.editorSmialek, Michal
dc.contributor.editorBrodsky, Alexander
dc.contributor.editorHammoudi, Slimane
dc.date.accessioned2023-03-03T10:53:32Z
dc.date.available2023-03-03T10:53:32Z
dc.date.issued2022
dc.identifier.citationSyynimaa, N. (2022). Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools. In J. Filipe, M. Smialek, A. Brodsky, & S. Hammoudi (Eds.), <i>ICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2</i> (pp. 142-147). SCITEPRESS Science And Technology Publications. <a href="https://doi.org/10.5220/0011077100003179" target="_blank">https://doi.org/10.5220/0011077100003179</a>
dc.identifier.otherCONVID_144287611
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/85747
dc.description.abstractAzure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have targeted these organisations by exploiting known attack vectors. In this paper, open-source intelligence (OSINT) is gathered from organisations using Azure AD to explore the current attack surface. OSINT is collected from Fortune 500 companies and top 2000 universities globally. The collected OSINT includes authentication methods used by the organisation and the full name and phone number of the primary technical contact. The findings reveal that most organisations are using Azure AD and that majority of these organisations are using authentication methods exploited during the recent attacks by nation-state adversaries.en
dc.format.extent608
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherSCITEPRESS Science And Technology Publications
dc.relation.ispartofICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2
dc.rightsCC BY-NC-ND 4.0
dc.subject.otherAzure Active Directory
dc.subject.otherAzure Ad
dc.subject.otherOSINT
dc.subject.otherattack
dc.subject.otherenumeration
dc.subject.otherSAML
dc.subject.otherKerberos
dc.titleExploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools
dc.typeconferenceObject
dc.identifier.urnURN:NBN:fi:jyu-202303032006
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.type.urihttp://purl.org/eprint/type/ConferencePaper
dc.relation.isbn978-989-758-569-2
dc.type.coarhttp://purl.org/coar/resource_type/c_5794
dc.description.reviewstatuspeerReviewed
dc.format.pagerange142-147
dc.relation.issn2184-4992
dc.type.versionpublishedVersion
dc.rights.copyright© 2022 by SCITEPRESS – Science and Technology Publications, Lda.
dc.rights.accesslevelopenAccessfi
dc.relation.conferenceInternational Conference on Enterprise Information Systems
dc.subject.ysotodentaminen
dc.subject.ysotietoturva
dc.subject.ysoverkkohyökkäykset
dc.subject.ysopääsynvalvonta
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p24130
jyx.subject.urihttp://www.yso.fi/onto/yso/p5479
jyx.subject.urihttp://www.yso.fi/onto/yso/p27466
jyx.subject.urihttp://www.yso.fi/onto/yso/p15780
dc.rights.urlhttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.relation.doi10.5220/0011077100003179
dc.type.okmA4


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

CC BY-NC-ND 4.0
Except where otherwise noted, this item's license is described as CC BY-NC-ND 4.0