UnOAuthorized: The Previously Untold Findings

#1684081: UnOAuthorized: The Previously Untold Findings

Description:	At Black Hat USA 2024, UnOAuthorized revealed an undocumented Microsoft authorization model that permitted unexpected actions in Entra ID (formerly Azure AD). This included a pathway for privilege escalation from lower roles up to the Global Administrator—essentially, the Domain Admin of the cloud. However, some findings had to be left undisclosed until now. Join us as we explore the full scope of UnOAuthorized. We will briefly recap the original vulnerability and its resolution and then unveil the remaining findings we can discuss. We'll cover the impact of these findings, how they differ from others, and explain why it took so long to disclose this information. Don't miss out on the opportunity to secure your spot today for this exciting webinar, proudly sponsored by Zoho! Unlock valuable insights that could transform your perspective. Reserve your place now!
More info:	https://apps.blackhat.com/e/es?s=95530031&e=73788&elqTrackId=CCDC3E7D5DA7C6B39F06ADDC895220E4&elq=4862afa1ffba4cb5a03de748e4fc4da2&elqaid=4354&elqat=1&elqak=8AF569482223AB0CDF338063561DAE5AF9110AF146E6B4696192B1E90907A00050CC

Description:

At Black Hat USA 2024, UnOAuthorized revealed an undocumented Microsoft authorization model that permitted unexpected actions in Entra ID (formerly Azure AD). This included a pathway for privilege escalation from lower roles up to the Global Administrator—essentially, the Domain Admin of the cloud.

However, some findings had to be left undisclosed until now.

Join us as we explore the full scope of UnOAuthorized. We will briefly recap the original vulnerability and its resolution and then unveil the remaining findings we can discuss. We'll cover the impact of these findings, how they differ from others, and explain why it took so long to disclose this information.

Don't miss out on the opportunity to secure your spot today for this exciting webinar, proudly sponsored by Zoho! Unlock valuable insights that could transform your perspective. Reserve your place now!

More info:

https://apps.blackhat.com/e/es?s=95530031&e=73788&elqTrackId=CCDC3E7D5DA7C6B39F06ADDC895220E4&elq=4862afa1ffba4cb5a03de748e4fc4da2&elqaid=4354&elqat=1&elqak=8AF569482223AB0CDF338063561DAE5AF9110AF146E6B4696192B1E90907A00050CC

Date added	May 30, 2025, 10:10 p.m.
Source	Blackhat
Subjects	Microsoft Azure - Also, Open Management Infrastructure / OMI / OMI Vulnerabilities / OMIGOD Flaw / AutoWarp Vulnerability Microsoft Entra ID PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
Venue	June 12, 2025, midnight - June 12, 2025, midnight