Viktor Hedberg
Senior Technical Architect @ Truesec AB
Värnamo, Sweden
Actions
Security consultant with a focus on Microsoft Security either on-prem or in the cloud, and a blueteamer at heart. Viktor has worked within IT for the past 10 years always within Cyber Security. Working for public sector in Sweden for years but now as a specialist at Truesec AB focusing on proactive security measures, DFIR and advises on all things cyber.
Links
Area of Expertise
Topics
Device Code Phishing, how to detect and prevent those nasty phishers...
Device Code Phishing is more common than you´d think. Simply because it works better than asking for a username and password.
This session will show you common attack scenarios targeting both regular users and admins (god forbid) with device code phishing, and of course what we can implement to prevent it from occurring. We will also look at enumeration from an external/guest point of view to identify an appropriate target to phish.
Oops, I can read your Conditional Access Policies without being an admin.
This session will look at some of the caveats with AAD Graph API. My research found that if you have a token for these APIs, you have pretty much unhindered access for reading and exporting anything that uses AAD Graph.
Including, reading Conditional Access Policies as an end user.
The session will go through how this is possible, how to do it and demoing the toolkit I created for exporting all of this data as an end user.
Manage, Monitor and Secure Windows Server using Azure Arc, Log Analytics and Defender
How do you make sure your hybrid Infrastructure is up to date, secure and keep tracks of security posture?
This session will look at how we can leverage the cloud to secure on-prem, in more ways than one!
Covering topics on Azure Arc, Azure AD, Conditional Access on servers(!) and more...
Tiering in Azure - How should it be done?
We have been talking about Tiering in Active Directory, but when it comes to the cloud, what are the steps needed to be taken in order to achieve administrative Tiering there?
We will cover the basics of Tiering as a whole, with a deeper look into how we can apply a Tiering model on our cloud infrastructure, to make sure that a Threat Actor or Illicit Admin cannot gain more permissions throughout the infrastructure than is required.
Tiering in Active Directory - Prevent exposure of sensitive credentials by going back to basics
In DFIR, we commonly see that the median hops needed to get access of Domain Admin credentials is three. Meaning that when compromised, a TA moves laterally up to three separate systems before getting DA.
In this session, we will talk about how we must get back to basics and protect our sensitive privileges via Tiering and how Authentication Policy Silos provides locking effects on your Domain Administrators.
Extending the PAW mentality to the cloud
Conditional Access is the best way for securing administrative access in the cloud. However, simply enabling MFA on your Cloud Admin account is not enough anymore, with prompt abuse attacks and man in the middle attacks as a constant threat.
This session will show you how to extend your PAW mentality to deal with administrative tasks in the cloud.
Implementing RBAC in Microsoft Defender
The built in roles in Azure Active Directory are not for everyone. Let´s look into how to assume a more role-based access model in Microsoft Defender
Temporary Access Pass - The key for unlocking Passwordless?
Recently, Microsoft announced Temporary Access Pass. Is this the key for unlocking Passwordless in a seamless process? How does it work? In what scenarios will it be used?
Microsoft 365 Security and Compliance User Group User group Sessionize Event Upcoming
Microsoft Cloud Security User Group User group Sessionize Event Upcoming
Experts Live Netherlands 2024 Sessionize Event
NIC Cloud Connect 2023 Sessionize Event
Microsoft Purview Days 2023 Sessionize Event
Stockholm TECH Show 2023 Sessionize Event
Azure User Group Sweden User group Sessionize Event
Festive Tech Calendar 2022 Sessionize Event
Cloud Lunch and Learn Sessionize Event
Nordic Virtual Summit 3rd Edition Sessionize Event
Welsh Azure User Group - Event User group Sessionize Event
Cloud Management Community User group Sessionize Event
South Coast Summit 2021 Sessionize Event
India Cloud Security Summit , 2021 Sessionize Event
Viktor Hedberg
Senior Technical Architect @ Truesec AB
Värnamo, Sweden
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top