SEATS AVAILABLE: CLASS CANCELLED
Office 365 is a Software-as-a-Service (SaaS) solution and a success story of Microsoft on an ongoing basis given 180 million active monthly users of Office 365. Microsoft considers Office 365 as the world's productivity cloud. Cross-Site Scripting is a #1 reported issue in Google, Mozilla, HackerOne and Bugcrowd's bug bounty programs in the last years. If you ask Microsoft, they would say the same as far as Office 365 (online services) is concerned. Office 365 umbrella applications are vulnerable to XSS. This training will justify with the help of 175+ valid cases of XSS (includes 50 CVEs) in Office 365 in general. It includes around 150+ bounty award winning cases. This training will introduce a whole lot of attack surface to the participants. We will show how to prepare a test playground with a majority of Office 365 features without spending a penny.
The lessons learned in the last two years of participation in Office 365 bug bounty program will be shared in two days along with the technical details of all findings. Further, the trainer will also convey the `thought process` behind award winning XSS. We will let you know where you should spend more time or where the juicy stuff is in Office 365. In other words, how to play `in-scope` only. We will share tips and tricks as far as how one can stay at the top to test new and upcoming features of Office 365. This training will shed light on amiss design decisions made by SharePoint team and the participants will see how we leverage them for financial gain (six figures bounties) and end-up in the number one spot in Microsoft's Top 100 researchers list of 2018.
Who Should Attend
This course is for Penetration Testers, Bug Bounty Hunters, Office 365 and SharePoint admins and defenders.
Key Learning Objectives
This training introduces and details Office 365 through presentation, challenges and discussions around 150+ bounty award winning bugs. No pre-requisite in terms of knowledge about Office 365 is needed. At the end of the training, the participants will have a solid understanding of the Office 365 in general while SharePoint in particular and XSS vulnerability research in Office 365. The main objective of this training is to train participants so that they can find XSS bugs in Office 365's umbrella applications easily. The technical details and the thought process leading up to this objective will be discuss. Please keep in mind that Microsoft follows Secure Development Life-cycle (SDL) along with internal and external pentests and audits and Office 365 is a security-hardened service. Last but not the least, after this training, participants will start looking at XSS in real world targets like a pro.
Hardware / Software Requirements
We will spend first day in setting up Office 365 and will make sure that participants will have almost all the features working for them to play around. Once set up, we will spend sometime on tuning Office 365 so that participants will always get the new features before general public. Thereafter, the discussion and technical details of around 50+ XSS bugs in Outlook Web & Mobile, Office (Excel, Word, PowerPoint, Visio and OneNote), Azure, Video 365, Microsoft Steam, Office Forms, Kaizala, Yammer, Sway, Microsoft 365 Admin Center, Exchange admin centre, Cloud App Security, Microsoft Security & Compliance Center, Office 365 Calendar, Microsoft Online Services and *.microsoft.com.
Day two will start with small XSS challenges based on Office 365 experiences. Going deeper in to the second day, SharePoint Online, OneDrive and Project Web App (PWA) will feel the heat. The participants will dedicate the whole day around SharePoint Online, OneDrive and Project Web App. It includes classic and modern SharePoint along with SharePoint and OneDrive admin centre. I will show 100+ bounty award winning XSS bugs in SharePoint Online. Further, we will see some privilege escalation issues in SharePoint and I will explain how I was able to exploit SharePoint permission model.