Welcome to Diana Initiative 2020 Virtual Conference.
For more information, please see our web site here :
Back To Schedule
Saturday, August 22 • 11:00am - 12:00pm
Hiding In The Clouds: How Attackers Can Use Applications Consent for Sustained Persistence and How To Find It

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Applications are modernizing. With that, the way permissions for these applications are granted are also changing. These new changes can allow an attacker to have sustained persistence in plain sight if we don’t understand how these work and where to look. What’s the difference if an application has permissions or an application has delegated permissions? Why did that admin account consent to that application, should I be worried? Is that application overprivileged? I have thousands of apps, how do I account for this? In this session we will look to demystify and bring clarity to these questions. You’ll understand these new application models and how they can be abused for sustained persistence, how these permissions work and what overprivileged looks like and finally, how to find them in your environment.

avatar for Mark Morowczynski

Mark Morowczynski

Principal Program Manager, Microsoft
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active... Read More →
avatar for Bailey Bercik

Bailey Bercik

Microsoft, Speaker
Bailey Bercik (@baileybercik on Twitter) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She's... Read More →

Saturday August 22, 2020 11:00am - 12:00pm PDT
Stage 2