UnOAuthorized: The Previously Untold Findings (June 12th)
Thursday, June 12th, 2025: 2:00 PM to 3:00 PM
At Black Hat USA 2024, UnOAuthorized revealed an undocumented Microsoft authorization model that allowed some unexpected actions in Entra ID (Azure AD). This included finding a path of privilege elevation from lower roles up to Global Administrator - the Domain Admin of the cloud.
But in that disclosure, some findings had to be left out. Until now.
Join us to explore the full scope of UnOAuthorized. We'll briefly recap the original vulnerability and resolution and then unveil the remaining findings we can finally discuss. We'll cover the impact of the findings and how they're different from others, and what exactly took so long to be able to disclose.
Hosted by Blackhat