Escalate Privileges via Role Assignment #shorts

BSides Frankfurt · 0:49 · 286 views · Published 2026-01
About this talk
See how attackers escalate privileges by abusing the AppRoleAssignment.ReadWrite.All permission to grant themselves Global Admin rights. A real-world example mirroring the Mitiga report and the APT29 breach. #BsidesFrankfurt #Bsides #BsidesFra #TomerNahum #JonathanElkabas #Semperis
Transcript (en)

Remember this role permission we saw earlier in the Mitiga report and in how Microsoft got breached by APT29? This is the exact same scenario, guys. You authenticate as the service principal, and then you're using the AppRoleAssignment.ReadWrite.All permission in order to grant yourself another permission, because basically what this permission allows you is to grant yourself, or any identity in the tenant, other permissions. So you grant yourself a privileged permission, which is RoleManagement.ReadWrite.Directory, which allows you to grant any identity in the tenant any role you want. So you use it in order to grant yourself the Global Admin role, and then you basically reauthenticate in order to refresh the JWT token and reset the password of the global administrator.
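The chain the talk describes leaves two distinctive audit-log footprints: a service principal granting an app role to itself, and a directory role such as Global Administrator being assigned by an app identity rather than an interactive admin. The detection below is an added example written for this page, not code from the talk or from Semperis; the audit events are constructed, and their field names (`activity`, `initiator`, `target`, `appRole`, `role`) are an assumed, simplified subset of the Microsoft Entra audit-log schema.

```python
import json

# App-only Graph permissions that let a principal hand itself more power
# (the two the talk walks through).
PRIVILEGED_APP_ROLES = {
    "AppRoleAssignment.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
}
PRIVILEGED_DIR_ROLES = {"Global Administrator"}

# Constructed sample audit events (JSON lines). Field names are an assumed,
# simplified subset of the Microsoft Entra audit-log schema, not the real one.
SAMPLE_LOG = """\
{"activity": "Add app role assignment to service principal", "initiator": {"type": "app", "id": "sp-1111"}, "target": {"type": "servicePrincipal", "id": "sp-1111"}, "appRole": "RoleManagement.ReadWrite.Directory"}
{"activity": "Add member to role", "initiator": {"type": "app", "id": "sp-1111"}, "target": {"type": "servicePrincipal", "id": "sp-1111"}, "role": "Global Administrator"}
{"activity": "Add app role assignment to service principal", "initiator": {"type": "user", "id": "admin@constructed.example"}, "target": {"type": "servicePrincipal", "id": "sp-2222"}, "appRole": "User.Read.All"}
"""


def detect(log_text):
    """Return (rule, initiator id, granted value) for each suspicious event."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        init, tgt = ev["initiator"], ev["target"]
        app_initiated = init.get("type") == "app"
        # Rule 1: a service principal grants *itself* a privileged app role.
        if (ev["activity"] == "Add app role assignment to service principal"
                and app_initiated and init["id"] == tgt["id"]
                and ev.get("appRole") in PRIVILEGED_APP_ROLES):
            findings.append(("self-grant-privileged-app-role", init["id"], ev["appRole"]))
        # Rule 2: Global Administrator (or another privileged directory role)
        # is assigned by an app identity instead of an interactive admin.
        elif (ev["activity"] == "Add member to role" and app_initiated
                and ev.get("role") in PRIVILEGED_DIR_ROLES):
            findings.append(("app-assigned-privileged-dir-role", init["id"], ev["role"]))
    return findings


def escalation_chains(findings):
    """Service principals that tripped both rules: the full chain from the talk."""
    by_rule = {}
    for rule, sp_id, _ in findings:
        by_rule.setdefault(sp_id, set()).add(rule)
    return {sp for sp, rules in by_rule.items() if len(rules) == 2}
```

Running `detect(SAMPLE_LOG)` flags the two `sp-1111` events and ignores the admin-initiated `User.Read.All` grant; `escalation_chains` then correlates both hits to the same service principal. In a real tenant the second rule alone is noisy enough to warrant an allow-list of automation principals, so the correlation is what makes the alert high-fidelity.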