Name: Defending Entra ID and Office 365 Using the Prism of GraphRunner
Start: 2025-06-03T15:00:00-0400
End: 2025-06-03T15:50:00-0400

Streaming: https://mssvideo.vcu.edu/RVAsec

Tuesday June 3, 2025 3:00pm - 3:50pm EDT

Upstairs, Grand Ballroom F/G

For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that empowers offensive cyber practitioners an easy to use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.

Speakers

John Stoner

Principal Security Strategist, Google Cloud

John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users' capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations... Read More →

Tuesday June 3, 2025 3:00pm - 3:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

RVAsec 14

John Stoner

Attendees (9)

RVAsec 14

John Stoner

Attendees (9)

Log in to save this to your schedule, view media, leave feedback and see who's attending!