
All You Need is Guest: BlackHat 2023

Azure AD guest accounts are widely used to grant external parties limited access to enterprise resources, with the assumption that these accounts pose little security risk. As you’re about to see, this assumption is dangerously wrong.

In this talk, given at BlackHat 2023, Zenity CTO and Co-Founder Michael Bargury shows how guests can leverage undocumented APIs to bypass limitations and gain unauthorized access to sensitive business data and capabilities, including corporate SQL servers, SharePoint sites, and KeyVault secrets….