Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools
| dc.contributor.author | Syynimaa, Nestori | |
| dc.contributor.editor | Filipe, Joaquim | |
| dc.contributor.editor | Smialek, Michal | |
| dc.contributor.editor | Brodsky, Alexander | |
| dc.contributor.editor | Hammoudi, Slimane | |
| dc.date.accessioned | 2023-03-03T10:53:32Z | |
| dc.date.available | 2023-03-03T10:53:32Z | |
| dc.date.issued | 2022 | |
| dc.identifier.citation | Syynimaa, N. (2022). Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools. In J. Filipe, M. Smialek, A. Brodsky, & S. Hammoudi (Eds.), <i>ICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2</i> (pp. 142-147). SCITEPRESS Science And Technology Publications. <a href="https://doi.org/10.5220/0011077100003179" target="_blank">https://doi.org/10.5220/0011077100003179</a> | |
| dc.identifier.other | CONVID_144287611 | |
| dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/85747 | |
| dc.description.abstract | Azure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have targeted these organisations by exploiting known attack vectors. In this paper, open-source intelligence (OSINT) is gathered from organisations using Azure AD to explore the current attack surface. OSINT is collected from Fortune 500 companies and top 2000 universities globally. The collected OSINT includes authentication methods used by the organisation and the full name and phone number of the primary technical contact. The findings reveal that most organisations are using Azure AD and that majority of these organisations are using authentication methods exploited during the recent attacks by nation-state adversaries. | en |
| dc.format.extent | 608 | |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | eng | |
| dc.publisher | SCITEPRESS Science And Technology Publications | |
| dc.relation.ispartof | ICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2 | |
| dc.rights | CC BY-NC-ND 4.0 | |
| dc.subject.other | Azure Active Directory | |
| dc.subject.other | Azure Ad | |
| dc.subject.other | OSINT | |
| dc.subject.other | attack | |
| dc.subject.other | enumeration | |
| dc.subject.other | SAML | |
| dc.subject.other | Kerberos | |
| dc.title | Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools | |
| dc.type | conferenceObject | |
| dc.identifier.urn | URN:NBN:fi:jyu-202303032006 | |
| dc.contributor.laitos | Informaatioteknologian tiedekunta | fi |
| dc.contributor.laitos | Faculty of Information Technology | en |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | |
| dc.relation.isbn | 978-989-758-569-2 | |
| dc.type.coar | http://purl.org/coar/resource_type/c_5794 | |
| dc.description.reviewstatus | peerReviewed | |
| dc.format.pagerange | 142-147 | |
| dc.relation.issn | 2184-4992 | |
| dc.type.version | publishedVersion | |
| dc.rights.copyright | © 2022 by SCITEPRESS – Science and Technology Publications, Lda. | |
| dc.rights.accesslevel | openAccess | fi |
| dc.relation.conference | International Conference on Enterprise Information Systems | |
| dc.subject.yso | todentaminen | |
| dc.subject.yso | tietoturva | |
| dc.subject.yso | verkkohyökkäykset | |
| dc.subject.yso | pääsynvalvonta | |
| dc.format.content | fulltext | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p24130 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p5479 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p27466 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p15780 | |
| dc.rights.url | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.relation.doi | 10.5220/0011077100003179 | |
| dc.type.okm | A4 |
Aineistoon kuuluvat tiedostot
Aineisto kuuluu seuraaviin kokoelmiin
Ellei muuten mainita, aineiston lisenssi on CC BY-NC-ND 4.0