HF 2022 - Call for Papers

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Office Under Siege: Understanding, Discovering, and Preventing Attacks Against M365
10-29, 14:30–15:20 (Canada/Eastern), Track 1
Language: English

Microsoft 365 is one of the most useful tools in the enterprise today, but to attackers it's both the popular initial access point and the treasure trove of information. Let's discuss the most popular attack methods, ways of detecting them, and the strategies and tools available to defend the M365 environment.


Microsoft 365 (AKA Office 365) has enjoyed an explosive popularity in recent years, fueled by many factors, including cloud migration, proliferation of remote work, and COVID-19 lockdowns. More and more of companies' important communications and resources now reside in this ecosystem, and naturally the attackers are training their sights on it with growing frequency.

In this presentation we will start with an introduction of M365 and AAD environments, and describe the most popular attack methods that hackers employ when exploiting them. We will then continue with discussion of facilities available to enterprises to help identify and investigate malicious activity, and wrap up about strategies for preventing and responding to attacks.


Are you releasing a tool? – no Was this talk already given? – no

Dmitriy Beryoza is a Senior Security Researcher with Vectra AI, working on threat detection in the cloud and on-prem networks. Before that he was a penetration tester and secure software development advocate at IBM. He has been a software developer for many years, before switching to security full-time. Dmitriy holds a Ph.D. in Computer Science, and OSCP, CISSP, CCSP and CEH certifications. His interests include reverse engineering, secure software development, and CTF competitions.