Understand how Red Teaming can be your ultimate strategic "Sanity Check" Register now ›

Bishop Fox to Sponsor & Present at the 2023 BIC Winter Conference

Saturday, February 25, 2023
Virtual Event
BIC Winter Conference 2023 logo with snowflakes on dark background.

Join us online at the 2023 Blacks in Cybersecurity Winter Conference on Saturday, February 25, 2023! Bishop Fox is a proud Gold Sponsor.

Bishop Fox senior security consultant, Leron Gray, will present his session, "Gimme the Loot: Lemme Hold a Token Real Quick."

"Gimme the Loot – Lemme Hold a Token Real Quick"

With many organizations building their environment from the ground up in Azure and Azure AD without traditional networks, attackers need to change their mindset around initial access and lateral movement to match the nature of cloud environments. Azure AD environments with no Azure provisioned infrastructure (like storage or virtual machines) have much smaller footprints than traditional networks or even hybrid AD environments. This talk will discuss some of the challenges found in pentesting pure Azure AD/Office 365 environments and provides a scenario in which we go from recon to stealing user access tokens. Post-MFA headers are like currency, so lemme hold a dollar token real quick.

Purchase your tickets here.

Leron Gray Headshot BF

About the speaker, Leron Gray

Senior Security Consultant

Leron Gray is a senior security consultant on Bishop Fox's Red Team. With nine years of offensive security experience, he previously served on the Azure Red Team at Microsoft, as a penetration tester, and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

More by Leron

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.