The SaaS RootKit: A New Attack Vector for Hidden Forwarding Rules in O365

Researchers detected a new SaaS vulnerability within Microsoft’s OAuth application registration. Through this vulnerability, anyone can leverage Exchange’s legacy API to create hidden forwarding rules in O365 mailboxes. This talk will demo the OAuth registration process in Microsoft as well as the use of the new vulnerability.

The explosion in the number and variety of Software-as-a-Service (SaaS) applications available to enterprise users creates both an opportunity and a challenge for their employers. SaaS security posture management has arisen to address this issue.