
Backdooring Azure with Group Ownership #shorts

BSides Frankfurt · 0:41 · 167 views · Published 2026-01
About this talk
Group owners can add themselves as members, inheriting privileges. By adding yourself to a privileged group (like Application Administrator), you can backdoor service principals & reset the Global Admin password. #bsidesfrankfurt #bsides #bsidesfra #TomerNahum #JonathanElkabas #Semperis
Transcript [en]

If you're an owner of a group, you can add yourself as a member to that group, and then you can inherit all the privileges that group has. So if you are an owner of a privileged group that has the role Application Administrator, you can basically add a secret to any, you can basically backdoor any service principal within the environment. So what you do in this scenario: you add yourself to the group. The next step is going to be adding a backdoor to a privileged service principal. That service principal is also a member in a given group, a privileged group. And you use it in order to reset the password of the Global Admin.
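
A detection-side view of the chain described in the transcript, as an added example that is not from the talk or its speakers: it correlates a self-add to a privileged group with a credential later added to a service principal by the same identity, plus any admin password reset then performed by that service principal. The event fields, the group name `App-Admins` and all sample records are constructed; the activity strings are assumed to match the audit log's activity names and should be checked against your own export.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names are simplified assumptions, not the
# real Entra ID audit export schema; the group name is hypothetical.
EVENTS = [
    {"time": "2026-01-10T09:00:00", "activity": "Add member to group",
     "actor": "alice@corp.example", "target": "alice@corp.example", "group": "App-Admins"},
    {"time": "2026-01-10T09:04:00", "activity": "Add service principal credentials",
     "actor": "alice@corp.example", "target": "sp-deploy"},
    {"time": "2026-01-10T09:09:00", "activity": "Reset password (by admin)",
     "actor": "sp-deploy", "target": "globaladmin@corp.example"},
    # Benign contrast: helpdesk adds bob, so this is not a self-add.
    {"time": "2026-01-10T11:00:00", "activity": "Add member to group",
     "actor": "helpdesk@corp.example", "target": "bob@corp.example", "group": "App-Admins"},
    {"time": "2026-01-10T11:05:00", "activity": "Add service principal credentials",
     "actor": "bob@corp.example", "target": "sp-reporting"},
]

ADD_MEMBER = "Add member to group"
ADD_SP_CRED = "Add service principal credentials"
RESET_PW = "Reset password (by admin)"

def _ts(event):
    return datetime.fromisoformat(event["time"])

def find_chains(events, privileged_groups, window=timedelta(hours=1)):
    """Flag identities that add themselves to a privileged group and then add a
    credential to a service principal within `window`; attach any password
    resets that service principal performs within `window` afterwards."""
    findings = []
    for add in events:
        if not (add["activity"] == ADD_MEMBER and add["actor"] == add["target"]
                and add.get("group") in privileged_groups):
            continue
        for cred in events:
            if not (cred["activity"] == ADD_SP_CRED and cred["actor"] == add["actor"]
                    and _ts(add) <= _ts(cred) <= _ts(add) + window):
                continue
            resets = [r["target"] for r in events
                      if r["activity"] == RESET_PW and r["actor"] == cred["target"]
                      and _ts(cred) <= _ts(r) <= _ts(cred) + window]
            findings.append({"actor": add["actor"], "group": add["group"],
                             "service_principal": cred["target"],
                             "password_resets": resets})
    return findings

if __name__ == "__main__":
    for finding in find_chains(EVENTS, {"App-Admins"}):
        print(finding)
```

Feed `privileged_groups` from an inventory of groups that hold directory roles, since the correlation only fires for groups named there.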