Yan-Ming Chen

CHT Security Co. Ltd / Senior Security Engineer

Experienced in SOC and MDR incident analysis and response, proficient in utilizing EDR and other tools for investigation and remediation. Researching cloud security and assisting clients in addressing cloud cybersecurity threats.

SPEECH
4/17 (Thu.) 16:15 - 17:00 7F 701B SecOps Forum
Microsoft Graph API: Boosting Productivity for You (and Hackers)

Microsoft Graph API is a powerful tool that enables users to quickly, repeatedly, and automatically streamline workflows. However, it has also become a valuable asset for hackers as an entry point for attacks.

In this session, we will explore the capabilities of Microsoft Graph API and demonstrate how attackers leverage these features at various stages of an intrusion. Additionally, we will introduce GraphRunner, a PowerShell tool commonly used by hackers, and explain how it helps them gain access to a victim’s tenant to achieve their objectives.

Finally, we will discuss methods for detecting and identifying malicious use of Microsoft Graph API, as well as strategies to prevent such attacks.