
The stage is yours. Thank you, and welcome. I'm here to talk to you today about guest users in Entra ID and what they can do in your tenant, and I'll give you a small hint: it's much more than you might think. So I'm actually going to talk to you about Michael Bargury's research. He's the CTO and co-founder at Zenity, a company that's focused on low-code/no-code security, recently also GenAI. I'm a senior security researcher there, and I'm also the answer to the question "hacker or rock star?" Why not both? Thank you, I heard that, that clapping, thank you. It's also my first time here. I'm actually very
excited. Okay, let's start. I want to talk to you about the guests in Entra ID and what the real security boundaries for them are, and I want to start doing so by actually talking about: why do we even have a mechanism in the tenants in Entra ID to actually invite guests? Okay, why do we even have that? Okay, so let's say you're working in an organization. You want to collaborate, maybe with other vendors, people from the outside. You have a million reasons to do that, right? Send sensitive data around, whatever. Okay, we have a few options to do that. We can just send those emails, right? That's one option. It's a very bad
option, of course. I think everybody can agree on that, for numerous reasons. Also, we can just choose a file sharing platform, for example, and just put it there, but that's very bad, right? It's just like trusting some random person on the street, a random USB. We basically leave ourselves wide open. Okay, we have no information about what they do security-wise. Another option, actually pretty interesting, is inviting them into our organization, to our tenant. That might be a better option. Okay, now why is that a better option? Because when we invite them as guests, basically we create external identities in the Active Directory, and we can both share more
resources with them while also enforcing some restrictions and protecting our resources, so to speak, which, okay, that's a win-win, right? That sounds pretty good, I think. Okay, so we can agree that in order for us to achieve safe guest access, which sounds good, it's really promising, we need two things, right? First of all, it needs to be easy, right? It can't be difficult, okay, no matter what your identity is: Google, Okta, Microsoft, whatever. The second thing is that it needs to be really easy for IT and security to control. Okay, we said something about security controls. Yeah, it needs to be easy to enforce those security controls. Okay, so getting guest access, the first thing, okay, let's
talk about that. That is actually very, very easy. Okay, it's super easy. Let me show you here. Yes, okay, so we can see here a bunch of ways to do that. It's basically, we just need to plug in the email, okay, that's the TL;DR. You can do it through Teams, you can do it through SharePoint, you can do it through whatever you want. It's very easy, it takes 5 seconds, and basically you just create that guest user. You've just invited a guest user. Can be a hacker, can be not a hacker, whatever. Okay, super easy. So we can agree that point one happens, right? And this is a provision specific type of access, and we'll talk about what that
means shortly. Okay, but let's talk about the second thing: is it really easy for IT and security to control? Well, in order to answer that, let's actually understand what happens. Okay, because on the left side we have the identity providers of the external entities, or whatever, the guests. On the right side we have the identity provider for our organization. Okay, and the cool thing here is that when a link, when the link is established, basically we enforce a bunch of security protections upon them, right? We said that they have now external, they're created in our Active Directory as external identities, and so we can activate things like security controls, MFA, and all these good things.
That sounds perfect, right? Sounds really, really good. Okay, but wait a minute, then. We just said something about Active Directory guests. Somebody external in our Active Directory, that sounds a little odd. What does that mean? Do they get full access? Well, luckily, no. Okay, that would be really strange if they would, because we'd be basically inviting somebody random or somebody external to have the same permissions as someone that works for us. Okay, we don't want that, and so we want a deny-by-default access. Okay, and this is really, really important, but this is also part of the mechanism that we want to examine in this talk. Okay, this
is part of it. Okay, and the reason for that is that all that we've discussed so far is the promise of security for guests. Okay, it's the theory.

Okay, now let's talk about the practice. Okay, and you might see, you might find some main key differences. Okay, so as a benign user, let's go into our tenant, okay, into our Entra ID. You can see that I'm a benign user because of the green icon on the right lower side. Okay, I'm logging in, I'm already logged in, actually. I want to invite somebody in. Okay, let's see that. Okay, as a benign user I start, I want to add it as a
member. I'm starting to add them. Okay, I enter their email, why not a hacker, you know, why not, and I'm inviting them. Okay, that's everything. Okay, press on a banner, basically they're invited. Real easy, we said that. What happens on the other side, right, as the hacker now? Okay, and we can see that according to the red icon. Okay, I log into my hacker tenant, right, I have a hacker tenant, and then my email gets, my tenant gets a consent. Okay, I have to accept the invitation from that guest tenant. Okay, once I accept that, I go to that guest tenant that I've been invited to, but I don't see anything, right? I see an apps
window and it's empty. Okay, there's nothing there. This is great, actually, because we said we wanted deny by default. Okay, this is great. So, you know, maybe everything works as expected and, you know, maybe we can just go home. I think maybe we're done.

But not exactly, of course, because we have to talk about the real attack surface of guests. Okay, and I want to start doing this by actually explaining something. Okay, so what we're trying to see is that guests are much more powerful than you might think. Okay, two examples of that are, first of all, Teams-based phishing. Okay, so Teams is one of the main platforms that organizations
use to collaborate. Okay, and it's both a collaborative platform, but it's also an enterprise platform, and those things sometimes don't work well, they don't mix well, and one example of that is that users in Teams from one tenant can actually send messages to users in another tenant. Okay, and we're all used to Teams being internal. Okay, so this is kind of confusing, and attackers abuse this. Okay, this is just from the Microsoft blog, an example of how APTs used something called TeamsPhisher. You can look it up, it's an open source tool. It's pretty cool because they actually not only abuse the fact that you can send cross-tenant messages, but they also were able to
bypass some security restrictions and attach files to Teams. So that's, in a way, moving phishing from emails to Teams. Okay, that's really powerful, and you can do that as a guest, okay, if you invite somebody as a guest. Okay, because there are two tenants involved, and this is actually pretty interesting, because if you look on how it looks like in Teams, can you even spot that it's an external user? Maybe not from the distance, but it's really, really small. That's right there, the upper red box. That's your protection mechanism. It says, like, really, really small, "External" in two parentheses. Okay, so that's your protection mechanism. Okay, and this is
somewhat concerning. Okay, so that's one powerful thing that we can do as guests.

Another really cool thing that I always love is recon. So you wouldn't expect that somebody that I had just invited to my organization as a guest would be able to recon users on my tenant, right? That doesn't make sense. Why would he be able to do that? He's a guest, he is not supposed to have, like, deny-by-default access. But there's a really, really cool tool and research that I really recommend you go to, called AADInternals, if you're interested in all this subject. Okay, and what it says, actually, is that you can definitely
do that. Okay, it's really possible and you can do that, and we're not going to, like, dive into it because that's beyond the scope of this talk, but it's basically abusing the fact that you can say, okay, I have my user ID. If I have a user ID, even as a guest, I can know which roles and which groups that user ID has. Now, the guest is always in the guest group. Okay, and if I have a guest, sorry, a group, a certain group's ID, I can know which users are there. So you understand where I'm getting here: you can do this recursively, and sometimes the guest is in more than one group, and
you end up with a much larger number of users that you can actually enumerate, and this will probably not be for all the tenant's users, but it's a large list. Okay, so that's pretty crazy, right? I mean, if we haven't updated our threat models with guests being abused by attackers, guest access, then we actually should do this. But, you know, hackers always want more, right? We want to change stuff, we want to destroy stuff, we want to edit stuff. Okay, what else can we actually do?

So let's switch gears now and actually go to the main part of the talk, which is the real attack surface of guests. Okay,
and before we do that I have to tell you that you have a choice. You can stop here, assuming you have a tenant at home and Entra ID, you can just go home, because I might kind of ruin your week now, because you'll understand that you have a load of work to do when you get back to the office. Or you can stay and listen to what I have to say. Assuming there's no takers here, I'll actually continue. Okay, and by continuing I'm actually going to go to that link on the left, and when I click on it as a guest I'm actually going to go to something called Power
Apps, within the Power Platform ecosystem. Okay, again, as a hacker I get to this hello screen. Okay, that's great, and then there's a disconnect. Okay, basically it's saying, hey, wait a minute, it's a deny by default, who are you? You're not part of this tenant, go home. Okay, I go home to my tenant. Basically there's a redirect. That's cool, I guess, but then I can see, okay, that shows us that we're in our home tenant, Pwntoso by the way, which is a tribute. Yes, somebody understood. And if we click on switch directory we can actually see whatever other tenants, whatever full tenants we can access to. Okay, the ones, for example,
that we've been invited to. What if I just switch to that tenant again and I go to connections? Okay, now this is, by the way, the original URL that we tried to enter. Now the thing about this is we're looking at a list of something. It looks kind of interesting, right? As security people we're seeing, like, Azure File Storage, SQL, Azure storage blob, blah blah blah. It's kind of interesting. Okay, and that's because connections in the Power Platform ecosystem are actually interchangeable with credentials, and I'll explain what that means, but basically we're looking at a credentials list for different data sources. Okay, and that's kind of weird. Why would a guest like ourselves, right,
as a hacker in this situation, be even able to see this? It's kind of odd, right? Let's try to understand that a little bit further. Let's click on one, and if we click here we see a share button. Now, I don't know about you, but my mother always said don't share your credentials, so it's kind of weird that we have a share button on something that we just said, hey, it's exactly like credentials. That's kind of odd, and let's try to understand exactly what's happening here. Okay, so if we press on share we see that this connection, okay, has already been shared with several entities. Okay, one of them is the
entire organization, which could explain, maybe, why we're seeing it, and we have two other entries for Jamie, wherever Jamie is. Okay, we have an Outlook and a non-Outlook, because why not. And folks, this is of course the problem, right? Somebody shared this connection, which again is interchangeable with a credential in a Power Platform ecosystem, with the entire organization. It might have been Jamie, we'll figure that out, but this is the root of the issue. Okay, this is concerning. So let's try to understand what's exactly behind this. Why is this even happening, right? We click on details next and we see that Jamie is the owner. Oh, Jamie, she
shared it, but Jamie is basically a business user. Okay, so what does that mean? Why are business users, in this case a customer service representative, why are they sharing credentials? What's happening here? Okay, and what's happening here is that business users in the low-code/no-code era are building apps. Okay, they're doing it, they've been doing it actually for years using dragging and dropping, and they are doing it now using GenAI, and they can just, you know, plug into a ChatGPT-like text LLM, whatever, and just create an application, including all the misconfigurations that come along with it, and they can just do it themselves.
Okay, and this is already happening. Okay, if you kind of think, yeah, you know, my organization, we're a financial service, we don't really do that, I have to convince you that's probably wrong, because according to Microsoft, last year there were 8 million of these citizen developers. Okay, compared to, for example, .NET, which were only, there were only 5 million. Okay, and how much security are we investing in these citizen developers, okay, these business users? Okay, now also remember, they're business users, they're not supposed to be security experts. Okay, they aren't and they shouldn't be. Okay, so of course they're going to make
misconfigurations, right? We have to help them, we have to own this. Okay, so now that we've actually seen all of this, this is kind of interesting. What can we actually do with that as attackers? Okay, let's look at that.

So we're back here at the specific connection we observed earlier. As the attacker you can actually see two different tabs here. Okay, let's click on the apps using this connection, and we can see that there's an application actually using what we said was a credential, what we said was a connection, and we'll explain that shortly. We click on it, because as hackers we're saying, okay, let's see what we can find. Can we actually exfil some
data here? And then we get to this page. We see that there's a link here and a bunch of info. Okay, let's click on the link and try to understand what's going on. Oh, we get an error. Okay, what's going on here? Okay, we get some error about something, we don't have a correct plan or something, ask your admin, whatever. If we read this a little bit more thoroughly, we actually notice that it's basically saying, listen, you don't have a license for Power Apps, but you can ask your admin for one. So maybe if we ask our hacker tenant admin for one, would that work? Would we be able to access this Power Apps in
another tenant, for which we saw an error that we don't have a license? Let's try, I mean, why not. We go to Microsoft, we say, hi, I'm a hacker, please give me a license, and we get a license, because it's our home tenant and basically we can get whichever license we want, right? And then it works. Okay, that's cool. So we've kind of bypassed that issue, but then we get another thing. Okay, it's interesting, it says something about a data loss prevention policy, blah blah. We look through it, we actually see that it's basically blocking us. Okay, DLP, which we might be familiar with from other aspects of security, is blocking us,
and that's actually pretty great, because we know what a DLP is from other sections of security, and it's supposed to mitigate that access, it's supposed to safeguard it. That's great. Okay, let's try to actually understand what's going on here, because it seems that the DLP is actually built into Power Platform. Oh, perfect. So let's actually create one now, as a benign user, to try to understand what a DLP is here. Okay, and let's say social security numbers, you know, just create, like, a demo one. Okay, let's assign connectors. Connectors in Power Platform are basically data source types. Okay, we can see SharePoint, OneDrive, okay, cool. Okay, but then when we actually
pick one we start noticing something maybe a little strange. Okay, we don't have any granularity, and basically this isn't a DLP in maybe the sense that we are used to. Okay, it's not labeling, it's not really doing some data exfiltration protection, it's basically an allow and deny list. Okay, and that's a problem in a way, and you sometimes have more security mechanisms in Power Platform, but these things, these DLPs, they're basically allow and deny lists for the data sources that these apps use. Okay, and that's a little bit of an issue, because we don't have any user association here, and we're basically saying, okay, I don't want any app to use
this kind of data source. You know, you could start to think about this as a hacker and say, wait a minute, that leaves a bit of a security hole, right? So we at the company actually have a hobby to find these security holes. There are quite a few, and the thing about these is that, I'm talking about this not to say that the DLP mechanism is bad. It's a good tool, but it's not a security boundary. Okay, it's a governance tool. Okay, it will not stop any hacker or any persistent citizen developer from actually abusing Power Platform. Okay, and this is important for us to understand. Okay,
so let's actually go back to the hacker perspective here and let's try to see what we can do. Okay, so for a moment I'm going to deactivate that DLP, okay, because I want to see what we can get from the data source. So I'm going into the DLP and I'm actually going to close things, I'm going to unblock data sources, the one that we saw, maybe some others that the application is using. Don't worry, we'll get back to this in a moment. Okay, I won't forget, I promise. So as a benign user we now log into the app again without that restriction, and we have this screen. Okay, and it says allow, and notice that it's
not, it's an allow, but it's not granting access in the OAuth scope permission sense. This is credentials sharing. Okay, this is what's going to happen here, and I'll explain that in a moment. Okay, we press on allow and then we see the data. Okay, that's great, that's what we wanted. Okay, we are seeing data via Power Apps. Okay, we can see the customers here. Okay, interesting. What's actually happening here, though? Okay, when we look through our browser, we open the developer tools, we can see that actually there's an API invocation call here. Okay, there's an API call getting that data. Okay, and this is actually interesting, because when we observe this further, we're not seeing
anything like an OAuth, that we get access to perform operations on the user's behalf or anything. We're basically seeing an API call that is replaying some secret back, and that's what's allowing us to access that data source, and that's kind of surprising. Okay, and also we can see that it starts with apim, which is the API Hub, it's an internal Microsoft resource. Okay, so let's try to figure out what's going on here. Let's copy this request to the side. Okay, let's just look at it as a curl request or whatever. We can see we have a GET in this example, could have been, by the way, another method, and we can see that
there's a domain here, the apim, the API Hub that we talked about, that allows us to get this information. Then we can see SQL, which is the data source, right? We have a specific ID, because it's a specific instance of an SQL. This is, by the way, also what the credentials are related to. Then we have an operation related to the data set, to the application, and finally we have something that, actually, when we decode it, it's the table, right, it's the table that was accessed through the app. Okay, that's pretty cool. What the hell's going on here? So what's going on here is that we have the API
management for Azure that sits between Power Platform and whatever data source that we actually fetch. Okay, and what that API has is a credential, a metadata store in which it stores secrets. Okay, so when you create a connection you actually plug in credentials that are being stored there, and if you share that connection you share not the credentials themselves directly, but you actually share the ability to call that API and then use it on your behalf, and that's interesting. Okay, maybe we can use that. What if we just copy that request and don't go through Power Apps at all now? I mean, we have an API call, what do we need
Power Apps directly now? Would we be able to see the data, maybe? Well, the answer is yes, we can just see the data that the DLP or the Power Apps tried to stop us. Okay, we can just access it directly. Okay, and the reason why this works is because the DLP wasn't blocking the connection, it wasn't blocking the connection to the data source, it was blocking apps from using it. And now this has been disclosed and resolved, okay, but notice that it's one of the holes that we mentioned earlier, but note that you should still beware, because the fix is only relevant for new connections. Okay, and this is kind of
concerning, I think.

Okay, so what actually can we do with this? How can we really leverage it to, like, get a full home run from the hacker perspective? So let's take a closer look at this API. Okay, now this API, it uses a token. Now we're looking at jwt.io to actually understand. We needed a token to actually be able to send that API request, we couldn't just do it right off the bat, right? We needed a token to do that, and we could do that with a Power Apps token, which has this specific scope for that API Hub that we just mentioned. So, I mean, we want to get a
full home run, or whatever the phrase is. Can we maybe generate our own token to do that? Well, we know that we can generate tokens, right, that's a mechanism that we understand, but we need the correct client ID, we need the correct application. So what if we use a public app, maybe, to do that? Can we maybe do that? Well, no, and the reason is because it needs to be pre-approved in the tenant, so in other words this means that it wouldn't exist in any tenant. The second thing that we want to try is maybe if we can create our own app. So no, also, because it needs to be
able to query the MSFT internal scope. So now we're really, really, really close. So what can we do? So we're going to solve this actually by doing three things: we're going to find an application that's on by default, that is pre-approved to query that internal resource, and that is able to generate tokens on demand. Okay, we want a full bypass here, and it's supposed to be a public client for that. Okay, and one application that does that is the Power Apps portal, okay, because we saw it earlier, we were able to do that. But not exactly, we couldn't actually generate tokens on its behalf. So we're going to solve this using a really, really neat
piece of research called the family of client IDs research, and in a nutshell it just enables you to exchange one token for another. Okay, but they have to be within the same family of tokens, that's what it basically says, and this is exactly why you don't have to re-login to SharePoint and stuff like that when you go to it from another subdomain or whatever, from another Microsoft domain. So this is a family of tokens, for example, and notice that if we compromise one we basically compromise all of them. So Power Apps is what we wanted, it worked, and we can also use the Azure CLI, because we know that we can generate
tokens on demand. So would that work? Could we create one and exchange for the other? Well, yes, that works, we get a login screen, and that's a full home run.

So just to finish, I want to show you how you can do this too. Okay, so introducing powerpwn. It's an open source red teaming tool, that's also Michael's red team research contribution. It has several modules. We're going to focus on the dump and GUI, but I really recommend you focus on other, experiment on others as well. It's on GitHub. If we use it on the tenant and we log in, we can just get to this, we can
see this screen. Okay, after it does all the heavy lifting for us, we can see some of the connections we saw earlier as a hacker. If we press on dump we can actually see those data sources. Okay, and we have all the information that we saw. Yeah, I'm just finishing. And then if we press on playground we can just send arbitrary queries, and we can basically do anything for those connections. So I really recommend you look at it. And do I have time to say a few last words of defense, of how we can protect against? No? Okay, so thank you very much. With that we're done. Thank you.