CypherCon 2025
Finding Holes in Conditional Access Policies
Brandon Colley
Microsoft Entra Conditional Access sits at the forefront of an organization’s security boundaries. The ever-changing climate of conditional access continues to give administrators more and more security controls. The tradeoff is increased complexity when attempting to balance security and productivity. The more policies deployed in a tenant, the greater the chance for misconfigurations that create opportunities for exploitation. Whether you’re a cloud administrator, security consultant, or adversary, the goal remains the same: find the holes in conditional access.
This talk discusses lessons learned from real-life engagements and identifies multiple strategies for evaluating conditional access. Topics and tooling are explored that view conditional access from several different angles. First, understanding PowerShell and Graph API is vital when combing through policies, finding gaps in user, group, role, location, application, or device configuration. Second, simulation of logon criteria and reporting on authentication events helps to understand where policies fall short. Finally, creating a visual representation of each policy is helpful to better see policy details or build executive reports. Each of these provides an important piece of the puzzle when attempting to identify methods to bypass security controls.
Audience members should expect to leave with an arsenal of new tools and techniques to continuously monitor conditional access for risk.
Importance: Over the last several years, I have helped numerous companies improve their cloud security posture. I continue to be surprised at the increasing number of conditional access policies being layered one after the other. I see MFA policies that are not applied to all privileged roles, location-limiting policies that overlap trusted IP scopes, policies using numerous different conditions, rendering them nearly impossible to apply, and many more.
This topic speaks to a vast audience, as defenders should be aware of the power conditional access has in their tenant. Assessors and pentesters should be performing in-depth evaluations of conditional access to investigate opportunities for lateral movement and security bypass.
Tools and techniques discussed in this talk begin with built-in Entra features like “insights and reporting”, and using the what-if tool. I will also highlight scripts written by Sean McAvinue, idPowerToys by Merill Fernando, the Maester framework, and a few simple transparent scripts of my own. Thank you for your time and consideration. I very much look forward to my first CypherCon.
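As an illustration of the policy review the abstract describes (combing exported policies for an MFA requirement that misses a privileged role), here is an added example that is not from the talk or any of the tools it names. The sample policies are constructed, and the function name `Get-UncoveredPrivilegedRole` and the list of roles treated as privileged are assumptions of this example.

```powershell
# Constructed sample in the shape of Graph GET /identity/conditionalAccess/policies,
# trimmed to the fields this check reads. Live data could come from
# Get-MgIdentityConditionalAccessPolicy instead.
$policies = @'
[
  { "displayName": "Require MFA for admins", "state": "enabled",
    "conditions": {
      "users": { "includeUsers": [], "excludeRoles": [],
                 "includeRoles": ["62e90394-69f5-4237-9190-012177145e10",
                                  "194ae4cb-b126-40b2-bd5b-6091b380977d"] },
      "applications": { "includeApplications": ["All"] } },
    "grantControls": { "builtInControls": ["mfa"] } },
  { "displayName": "Require MFA for all users (pilot)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
      "users": { "includeUsers": ["All"], "includeRoles": [], "excludeRoles": [] },
      "applications": { "includeApplications": ["All"] } },
    "grantControls": { "builtInControls": ["mfa"] } }
]
'@ | ConvertFrom-Json

# Roles this example treats as privileged (an assumption; extend for your tenant).
$privileged = [ordered]@{
    '62e90394-69f5-4237-9190-012177145e10' = 'Global Administrator'
    'e8611ab8-c189-46e8-94e1-60213ab1f814' = 'Privileged Role Administrator'
    '194ae4cb-b126-40b2-bd5b-6091b380977d' = 'Security Administrator'
}

function Get-UncoveredPrivilegedRole {
    param([object[]]$Policy, [System.Collections.IDictionary]$PrivilegedRole)
    # Coverage = enforced (not report-only or disabled), requires MFA, all cloud apps.
    $mfa = $Policy | Where-Object {
        $_.state -eq 'enabled' -and
        $_.grantControls.builtInControls -contains 'mfa' -and
        $_.conditions.applications.includeApplications -contains 'All'
    }
    foreach ($id in $PrivilegedRole.Keys) {
        # A policy covers the role if it targets all users or the role itself,
        # and does not exclude the role again.
        $covering = $mfa | Where-Object {
            $u = $_.conditions.users
            ($u.includeUsers -contains 'All' -or $u.includeRoles -contains $id) -and
            ($u.excludeRoles -notcontains $id)
        }
        if (-not $covering) {
            [pscustomobject]@{ Role = $PrivilegedRole[$id]; RoleTemplateId = $id }
        }
    }
}

Get-UncoveredPrivilegedRole -Policy $policies -PrivilegedRole $privileged
```

The check deliberately ignores `excludeUsers`, `excludeGroups` and policies that enforce MFA through `authenticationStrength` rather than the `mfa` built-in control, so treat its output as a starting list to confirm with the what-if tool.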
Brandon Colley
Holes like AD donuts
Brandon Colley (@techBrandon) has over fifteen years of experience administering and securing Active Directory (AD) and Windows environments. Brandon is a Senior Security Consultant and Service Lead for Trimarc specializing in providing reality-based AD and Entra ID security assessments. He served as a systems administrator for multiple organizations before shifting career focus to information security. He has published multiple articles through Quest, Practical 365 and Trimarc Hub. Brandon enjoys speaking engagements and has previously presented at DEFCON, BSidesKC, Hackers Teaching Hackers, and PancakesCon. He co-hosts a weekly podcast, interviewing infosec professionals and has appeared on multiple broadcasts, including the Phillip Wylie Show. Brandon delivers material in a humorous, yet effective manner with a focus on content built for a Blue Team through a Red lens.