OWASP Ottawa May 17th 2023: Office Under Siege
Details
Welcome to our in Person Meetup at the University of Ottawa
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 117
Health Notice:
Based on the Ottawa Public Health Guidelines we strongly recommend that attendees wear a mask while not presenting. This will reduce the risk of transmission and protect members who may have compromised immune systems.
Live Stream:
We will continue to Live Stream on our YouTube channel. (https://www.youtube.com/channel/UCxSU-KvNmYusZEq6v4YK5Lw). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!
YouTube Live Stream Link: https://www.youtube.com/watch?v=CyVrl7MIgVA
6:00 PM EDT Arrival, setup, mingle
6:30 PM EDT Technical Talks
- Introduction to OWASP Ottawa, Public Announcements.
- Office Under Siege: Understanding, Discovering, and Preventing Attacks against M365
Abstract:
Microsoft 365 (AKA Office 365) has enjoyed an explosive popularity in recent years, fueled by many factors, including cloud migration, proliferation of remote work, and COVID-19 lockdowns. More and more of companies' important communications and resources now reside in this ecosystem, and naturally the attackers are training their sights on it with growing frequency.
In this presentation we will start with an introduction of M365 and AAD environments, and describe the most popular attack methods that hackers employ when exploiting them. We will then continue with discussion of facilities available to enterprises to help identify and investigate malicious activity, and wrap up about strategies for preventing and responding to attacks.
Speaker Bio:
Dmitriy Beryoza is a Senior Security Researcher with Vectra AI, working on threat detection in the cloud and on-prem networks.
Before that he was a penetration tester and secure software development advocate at IBM. He has been a software developer for many years, before switching to security full-time.
Dmitriy holds a Ph.D. in Computer Science, and OSCP, CISSP, CCSP and CEH certifications.
His interests include reverse engineering, secure software development, and CTF competitions.
