Conference: Way West Hackin Fest
A new and novel Office365 user enumeration technique against Federated environments. Valid/Invalid user responses aren't standard, so dynamic analysis of indicators can be used to determine a baseline for each organization. This baseline can then be used to enumerate users.
- Slides: PPTX
- Video: Vimeo - Password: battleship2022
- Blog: WhyNotSecurity
- Tool: Github