BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Azure B2C 0-Day: An Exploit Chain from Public Keys t
 o\n   Microsoft Bug Bounty\n   When: Saturday\, Aug 12\, 13:00 - 13:45 PDT
 \n   Where: Caesars Forum - Academy - 407-410 - Track 4 - [1]Map\n\n   Spe
 akerBio: John Novak\, Technical Director at Praetorian\n   John Novak is a
  Technical Director at Praetorian with a deep interest\n   in cryptography
 \, reverse engineering\, and embedded firmware. His\n   evolution to compu
 ter security and hacker culture began with an\n   undergraduate degree in 
 mathematics followed by ten years of\n   cryptography\, security research\
 , and exploit development at a previous\n   employer. His current role at 
 Praetorian includes conducting numerous\n   security assessments for IoT d
 evices\, web applications\, mobile\n   applications\, and (on occasion) cl
 oud services.\n   Twitter: [2]@jwnovak\n\n   Description:\n   This present
 ation will cover a complete exploit chain in Azure B2C\,\n   starting with
  a discovery of cryptographic misuse and leading to full\n   account compr
 omise in any tenant as an unauthenticated attacker.\n\n   Portions of this
  vulnerability have been released publicly\, but\n   several pieces were o
 mitted to provide Microsoft time to remediate the\n   issue and not put Az
 ure B2C environments at unnecessary risk. New\n   details in this talk inc
 lude steps to reverse engineer and discover\n   the crypto vulnerability a
 long with details of a novel attack for\n   crypto key recovery.\n\n   For
  background\, Microsoft Azure B2C is an identity and access\n   management
  service for customer-facing apps. Thousands of\n   organizations use this
  service\, including national/state/local\n   governments\, professional s
 ocieties\, and commercial companies. The\n   service is also used in the p
 ublic Microsoft Security Response Center\n   (MSRC) web portal as the main
  method for researchers to disclose\n   vulnerabilities as part of Microso
 ft's bug bounty programs. The full\n   exploit chain was effective against
  the MSRC and would have allowed an\n   attacker to enumerate details of d
 isclosed but not-yet-patched\n   Microsoft zero day vulnerabilities.\n\n  
  REFERENCES:\n   [1] Previous disclosure of portions of this vulnerability
 : [3]https://www.praetorian.com/blog/azure-b2c-crypto-misuse-and-account-c
 ompromise/\n   [2] Discussion of encryption and signatures in JSON Web Tok
 ens (JWTs):\n   [4]https://www.praetorian.com/blog/signing-and-encrypting-
 with-json-web-tokens/\n   [3] Azure B2C Configuration Tutorial: [5]https:/
 /learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user
 -flows?pivots=b2c-custom-policy\n   [4] What to Expect When Reporting Vuln
 erabilities to Microsoft [6]https://msrc.microsoft.com/blog/2020/09/what-t
 o-expect-when-reporting-vulnerabilities-to-microsoft/\n\n   '\n\n   1. #Ca
 esarsAcademyBR\n   2. https://twitter.com/jwnovak\n   3. https://www.praet
 orian.com/blog/azure-b2c-crypto-misuse-and-account-compromise/\n   4. http
 s://www.praetorian.com/blog/signing-and-encrypting-with-json-web-tokens/\n
    5. https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutoria
 l-create-user-flows?pivots=b2c-custom-policy\n   6. https://msrc.microsoft
 .com/blog/2020/09/what-to-expect-when-reporting-vulnerabilities-to-microso
 ft/\n\n\n
DTEND:20230812T204500Z
DTSTART:20230812T200000Z
LOCATION:DC - Caesars Forum - Academy - 407-410 - Track 4
SUMMARY:Azure B2C 0-Day: An Exploit Chain from Public Keys to Microsoft Bug
  Bounty
END:VEVENT
END:VCALENDAR
