Date: September 25, 2025 (GMT +8)

Time: 14:20

This talk reveals a silent but critical misconfiguration in Microsoft Enterprise Enrollment that allows any authenticated user to export sensitive enterprise user data, including emails, job roles, and contact info, without elevated permissions. We'll uncover how this overlooked flaw can lead to data breaches and share best practices for securely configuring Azure to prevent similar risks.

This is based on a real-world external penetration testing engagement. During the assessment, my team discovered a service account exposed through an insecure website. We were able to leverage this account and abuse a misconfiguration in Microsoft Enterprise Enrollment, Entra, and Intune. This misconfiguration led to the unintended exposure of sensitive enterprise user data, including thousands of employee email addresses, job roles, and contact information. I'm looking forward to sharing the technical details, impact, and lessons learned from this discovery.

Speaker

OfflineIsNewLuxury
Jeffrey is a Vice President of Consulting Services at DACTA Global, specializing in Offensive Security, with more than a decade of experience in Penetration Testing, Vulnerability Management, Cyber Threat Intelligence, and Security Operations. He has led and delivered security assessments for businesses, enterprises, and government agencies, identifying and mitigating critical vulnerabilities across networks, Active Directory, web applications, APIs, wireless networks, and mobile platforms (iOS & Android).

As a recognized expert, Jeffrey actively participates in bug bounty programs and has been acknowledged by top organizations, including Apple, Oracle, Toyota, and Morgan Stanley. His research has contributed to the discovery of multiple vulnerabilities, earning him four CVE IDs.

In May 2024, he presented an API security tool at the Black Hat Arsenal in Singapore, showcasing an API scanning tool designed to enhance security and detect vulnerabilities in API applications.

« Back