
APT29 Attack Path Explained #shorts

BSides Frankfurt · 0:52 · 127 views · Published 2026-01
About this talk
APT29 compromised a legacy test account via password spraying. This gave them ownership over a legacy OAuth application with an identity inside Microsoft's corporate tenant. A simple attack with big implications. #bsidesfrankfurt #bsides #bsidesfra #TomerNahum #JonathanElkabas #Semperis
Transcript [en]

At the end of the day, the attack path is very, very straightforward. Okay. So, APT29, uh, got access, uh, by password spraying, um, a legacy test account in their legacy test tenant. Again, the words here are very, very important, because, uh, I'm sure that many, uh, people went over this, uh, document in order to save any trouble for Microsoft. But again, uh, a legacy test account got compromised, then, but somehow it got an ownership over a legacy OAuth application, and that application has an identity inside Microsoft's own corporate tenant, and maybe this connection, uh, might seem a bit, I don't know, unclear, how they move from one tenant to another. So let me just, uh, elaborate a bit on