INTENT Summit 2024
We are honored to have participated in INTENT Summit 2024, where our Co-Founder and CTO Michael Bargury delivered the opening session.
Living Off Microsoft Copilot
November 19 | TLV
Whatever your needs as a hacker post-compromise, Microsoft Copilot has got you covered. Covertly search for sensitive data and organize it for easy use. Exfiltrate sensitive data without triggering logs. If you encounter obstacles, Microsoft Copilot can assist with phishing for lateral movement—even handling social engineering on your behalf!
This talk provides a comprehensive analysis of Microsoft Copilot used at a red-team level of practicality. We will demonstrate how Copilot plugins can install backdoors into other users’ Copilot interactions, enabling data theft as an entry point and AI-driven social engineering as the primary strategy.
We’ll also show how hackers can circumvent security controls focused on files and data by weaponizing AI against them.
Next, we’ll introduce LOLCopilot, a red-teaming tool for ethical hackers to exploit Microsoft Copilot in M365-enabled environments. This tool operates seamlessly with default configurations in any M365 Copilot-enabled tenant.
Finally, we’ll provide recommendations for detection and hardening measures you can implement to guard against malicious insiders and threat actors with access to Copilot.