Jyväskylän yliopisto | JYX-julkaisuarkisto

 
Näytä aineisto 

Näytä suppeat kuvailutiedot

Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools

dc.contributor.authorSyynimaa, Nestori
dc.contributor.editorFilipe, Joaquim
dc.contributor.editorSmialek, Michal
dc.contributor.editorBrodsky, Alexander
dc.contributor.editorHammoudi, Slimane
dc.date.accessioned2023-03-03T10:53:32Z
dc.date.available2023-03-03T10:53:32Z
dc.date.issued2022
dc.identifier.citationSyynimaa, N. (2022). Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools. In J. Filipe, M. Smialek, A. Brodsky, & S. Hammoudi (Eds.), <i>ICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2</i> (pp. 142-147). SCITEPRESS Science And Technology Publications. <a href="https://doi.org/10.5220/0011077100003179" target="_blank">https://doi.org/10.5220/0011077100003179</a>
dc.identifier.otherCONVID_144287611
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/85747
dc.description.abstractAzure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have targeted these organisations by exploiting known attack vectors. In this paper, open-source intelligence (OSINT) is gathered from organisations using Azure AD to explore the current attack surface. OSINT is collected from Fortune 500 companies and top 2000 universities globally. The collected OSINT includes authentication methods used by the organisation and the full name and phone number of the primary technical contact. The findings reveal that most organisations are using Azure AD and that majority of these organisations are using authentication methods exploited during the recent attacks by nation-state adversaries.en
dc.format.extent608
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherSCITEPRESS Science And Technology Publications
dc.relation.ispartofICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2
dc.rightsCC BY-NC-ND 4.0
dc.subject.otherAzure Active Directory
dc.subject.otherAzure Ad
dc.subject.otherOSINT
dc.subject.otherattack
dc.subject.otherenumeration
dc.subject.otherSAML
dc.subject.otherKerberos
dc.titleExploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools
dc.typeconferenceObject
dc.identifier.urnURN:NBN:fi:jyu-202303032006
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.type.urihttp://purl.org/eprint/type/ConferencePaper
dc.relation.isbn978-989-758-569-2
dc.type.coarhttp://purl.org/coar/resource_type/c_5794
dc.description.reviewstatuspeerReviewed
dc.format.pagerange142-147
dc.relation.issn2184-4992
dc.type.versionpublishedVersion
dc.rights.copyright© 2022 by SCITEPRESS – Science and Technology Publications, Lda.
dc.rights.accesslevelopenAccessfi
dc.relation.conferenceInternational Conference on Enterprise Information Systems
dc.subject.ysotodentaminen
dc.subject.ysotietoturva
dc.subject.ysoverkkohyökkäykset
dc.subject.ysopääsynvalvonta
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p24130
jyx.subject.urihttp://www.yso.fi/onto/yso/p5479
jyx.subject.urihttp://www.yso.fi/onto/yso/p27466
jyx.subject.urihttp://www.yso.fi/onto/yso/p15780
dc.rights.urlhttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.relation.doi10.5220/0011077100003179
dc.type.okmA4


Aineistoon kuuluvat tiedostot

Thumbnail
Nimi:
110771.pdf
Koko:
675.3Kb
Tiedostomuoto:
PDF
Kuvaus:
publishedVersion
Katso/Avaa

Aineisto kuuluu seuraaviin kokoelmiin

Näytä suppeat kuvailutiedot

CC BY-NC-ND 4.0
Ellei muuten mainita, aineiston lisenssi on CC BY-NC-ND 4.0
Tietosuojailmoitus

Saavutettavuusseloste

Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.