
Azure Buddy recap of Yellowhat The Microsoft Security Conference

Author: Arnold van Wijnbergen

Yellowhat: Premier cybersecurity event dedicated to Microsoft Security Technology

Introduction

Last Thursday afternoon I joined 150+ Microsoft Security experts at Yellowhat. The event was organized at the Microsoft head office at Schiphol. There were also approximately 1500 registered attendees watching online.

Entrance and Atmosphere

After a warm welcome by Rhesa Baar, on entering the conference area you could already spot a lot of Yellowhats. I do mean real yellow hats for construction workers 👷. Later, when entering the conference room and being welcomed by Maarten Goet, every attendee got a unique Yellowhat as swag, which made everyone part of this unique 🔐 cyber cat photo moment.

Bootstrapping the Yellowhats

During the introduction Koos Goossens 🔐 interviewed Dan Michelson, who explained why and where the idea of Yellowhats was born ✨. Cool to hear about this fun fact.

After an inspiring 🚀 keynote talk by Raviv Tamir, taking us into the Microsoft roadmap towards a modern SOC, other amazing sessions followed.

The sessions ranged from XDR and the OAuth attack landscape to insights into advanced capabilities like automatic attack disruption. In-depth analysis techniques were shown by Thomas Naunheim, hitting the 🔥 edges of an almost 200-line KQL query, which he explained during a demonstration on how to hunt for OAuth tokens. The most impressive session was about Windows Hello abuse, where Dirk-jan Mollema showed how passwordless authentication can be fooled by intercepting PRTs (Primary Refresh Tokens) when Windows Hello is used over RDP towards a non-TPM device.

Favorite talks you don’t want to miss!

Looking back, my favorite talks were definitely about hunting OAuth tokens and Windows Hello abuse. If you want to learn more about these sessions, I’ve already gathered some resources.

Hunt for OAuth tokens 👉 GitHub Cloud-Architekt slides

Abusing Windows Hello 👉 DEF CON 32 Slides

Again I want to thank 🙏 the organization, speakers and attendees, for making this such a great 💛💙 event.

Stay tuned for upcoming training sessions and insights, and feel free to contact me if you want to know more about how my MCT certification can help you on your own learning journey.

Hopefully you have enjoyed reading this blog and also got excited about becoming Microsoft Certified. If you want to learn more, just subscribe to my socials for more great content!

-Azure Buddy
