Microsoft Defender for Office 365 evasion. The story of a confirmed vulnerability
"Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Safe Attachments routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent.
Safe Links provides time-of-click verification of URLs.
It sounds cool and, in fact, is a black box that we should completely trust.
The session opens up this black box, based on the speaker's own research and discovered vulnerabilities.
The vulnerability was reported and confirmed by Microsoft Security Research.
Live demos only.
- Testing malicious attachments. An example of attachments that are detected.
- Inside the sandbox. What Safe Attachments looks like from the inside and how it works.
- Safe Attachments bypass. How the vulnerability was discovered.
- The fix. What Microsoft did to fix the vulnerability.
- Testing malicious links. An example of links that are blocked.
- Safe Links bypass. How attackers can bypass the link protection.
The session will be of interest to everyone who is interested in cloud protection and uses the Microsoft 365 cloud."
Time: 10:00 - 10:50