Michael Bargury - No-Code Malware: Windows 11 At Your Service

  • Michael Bargury - No-Code Malware: Windows 11 At Your Service

    Michael Bargury, Co-Founder and CTO, Zenity.io, He/Him
    Presentation Title: No-Code Malware: Windows 11 At Your Service

    Length of presentation: 45 minutes

    Demo, Tool, Exploit

    Windows 11 ships with a nifty feature called Power Automate, which lets users automate mundane processes. In a nutshell, users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines or Office cloud, executed successfully and report back to the cloud. You can probably already see where this is going...

    In this presentation, we will show how Power Automate can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data. All while using nothing but Windows baked-in and signed executables, and Office cloud services.

    We will then take you behind the scenes and explore how this service works, what attack surface it exposes on the machine and in the cloud, and how it is enabled by default and can be used without explicit user consent. We will also point out a few promising future research directions for the community to pursue.
    Finally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it into your Red Team arsenal and try out your own ideas.

    SPEAKER BIO
    Michael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. Michael is passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading.
    https://twitter.com/mbrg0

    REFERENCES:
    Hackers abuse Office365 https://www.zenity.io/blog/hackers-a...-their-owners/
    Living-off-the-land of Office365 https://www.vectra.ai/blogpost/o365-...new-powershell
    Top 10 security risks for low-code apps https://owasp.org/www-project-top-10...ecurity-risks/

    Last edited by number6; June 16, 2022, 03:49.

  • #2
    Thankfully that major upgrade won't be automatically pushed out to millions of machines 😬
