How Attackers can abuse application Consent for malicious Persistence.
Applications are modernizing. With that, the way permissions for these applications are granted are also changing. These new changes can allow an attacker to have sustained persistence in plain sight if we don’t understand how this work and where to look. What is the difference if an application has permissions or an application has delegated permissions? Why did that admin account consent to that application, should I be worried? Is that application over privileged? I have thousands of apps, how do I account for this? How do I govern the privileged application to detect over permission access. This session we will look to demystify and bring clarity to these questions. You’ll understand these new application models and how they can be abused for sustained persistence, how these permissions work and what over privileged looks like and finally, how to find them in your environment.