As Enterprises rush to adopt Office365 for increased business agility and cost reduction, too few are taking time to truly evaluate the risk associated with this decision. This briefing will attempt to shine a light on the potential hazards of Microsoft's SaaS offerings while also demonstrating a practical example of what a malicious actor can do when Office365 is allowed into the Enterprise.
Specifically, this presentation will outline in detail how an attacker can leverage the combination of Office365+PowerShell to take advantage of native features which:
• Mount external Office365 storage and conceal its presence from end-users • Encrypt and facilitate innocuous external communication with C2 • Exfiltrate data at high speed • Bypass AV, DLP, Sandboxes, and NGFW along the way.