HF 2022 - Call for Papers

Office Under Siege: Understanding, Discovering, and Preventing Attacks Against M365
2022-10-29, 14:30–15:20, Track 1

Microsoft 365 is one of the most useful tools in the enterprise today, but to attackers it's both the popular initial access point and the treasure trove of information. Let's discuss the most popular attack methods, ways of detecting them, and the strategies and tools available to defend the M365 environment.


Microsoft 365 (AKA Office 365) has enjoyed an explosive popularity in recent years, fueled by many factors, including cloud migration, proliferation of remote work, and COVID-19 lockdowns. More and more of companies' important communications and resources now reside in this ecosystem, and naturally the attackers are training their sights on it with growing frequency.

In this presentation we will start with an introduction of M365 and AAD environments, and describe the most popular attack methods that hackers employ when exploiting them. We will then continue with discussion of facilities available to enterprises to help identify and investigate malicious activity, and wrap up about strategies for preventing and responding to attacks.


Are you releasing a tool? – no Was this talk already given? – no