From AD to SaaS: Compromising Third-Party Applications from an Active Directory Breach | SO-CON 2025

Presented by Matthew Merrill and Zachary Stein. In today’s complex enterprise environments, understanding and managing Attack Paths is critical for maintaining a robust security posture. This presentation explores the journey of an attacker who initially compromises an Active Directory (AD) environment and progressively abuses various attack paths, ultimately breaching a third-party application. The session will focus on the key components of Attack Path Management, with a particular emphasis on the impact of unauthorized access to critical systems and third-party applications. Slides: https://github.com/SpecterOps/presentations/tree/main/SO-CON%202025/Matthew%20Merrill%20and%20Zachary%20Stein%20-%20From%20AD%20to%20SaaS%20%20Compromising%20Third-Party%20Applications%20from%20an%20Active%20Directory%20Breach SO-CON: https://specterops.io/so-con This talk was recorded on Tuesday, April 1, 2025 at SO-CON 2025.