Loading…
THE MUST ATTEND EVENT FOR CYBERSECURITY PROFESSIONALS
Thursday September 26, 2024 10:30am - 11:15am PDT
You may upload the speaker slides ​here.​​​

Whatever your need as a hacker post-compromise, Microsoft Copilot has got you covered. Covertly search for sensitive data and parse it nicely for your use. Exfiltrate it out without generating logs. Most frightening, Microsoft Copilot will help you phish to move lately. Heck, it will even social engineer victims for you!




This talk is a comprehensive analysis of Microsoft copilot taken to red-team-level practicality. We will show how Copilot plugins can be used to install a backdoor into other user’s copilot interactions, allowing for data theft as a starter and AI-based social engineering as the main course. We’ll show how hackers can circumvent built-in security controls which focus on files and data by using AI against them.




Next, we will drop LOLCopilot, a red-teaming tool for abusing Microsoft Copilot as an ethical hacker to do all of the above. The tool works with default configuration in any M365 copilot-enabled tenant.




Finally, we will recommend detection and hardening your can put in place to protect against malicious insiders and threat actors with Copilot access.

Speakers
avatar for Michael Bargury

Michael Bargury

Co-Founder and CTO, Zenity
Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past... Read More →
Thursday September 26, 2024 10:30am - 11:15am PDT
Room: Grand Ballroom
Feedback form is now closed.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Share Modal

Share this link via

Or copy link