Links and materials for 15 Ways to Break Your Copilot
Links, source code, tools and slides for BlackHat USA 2024
This is a post with all of the links and additional materials for a talk I gave at BlackHat USA 2024 titled 15 Ways to Break Your Copilot.
Slides and demos
Slides are here. A demo is up on YouTube.
Demos:
Scanning the Internet to find open Copilot Studio bots and extract information from them, by Avishai Efrat - video
Tools
CopilotHunter is a tool we’re dropping today. It allows you to scan for publicly accessible Copilot Studio bots and extract information from them. You can point it at your tenant, or scan the entire internet.
Hardening recommendations
Go Hack Yourself with powerpwn!
Help your users avoid these mistakes and make secure choices easy. Follow the frameworks to create a security program that works with citizen developers and professional developers.
Harden your environment
Turn off the following toggles in the Power Platform DLP:
“Chat without Microsoft Entra ID authentication in Copilot Studio” to turn off publicly facing bots with no authentication.
“Facebook channel in Copilot Studio”, “Direct line channels in Copilot Studio”, “Omnichannel in Copilot Studio” to turn off social channels outside of your corporate boundaries.
Monitor the audit logs for suspicious activity.
Other talks mentioned
On credentials sharing
Copilot Studio bots can be embedded with maker credentials. This actually was the default for many months, and is still a popular option today (it is up to the maker). This is a recurring security issue with low-code/no-code apps.
On sharing bots with everyone in the org, including guests
This setting can actually result in credentials being shared with everyone in your tenant. Last year at BlackHat, I showed how this can be used by guests to gain full dumps of your SQL servers and Azure resources.
We also released PowerPwn, an open source offensive tool that allows you to try this out in your tenant.
On bypassing the Power Platform DLP
The Power Platform DLP is not a security mechanism, it’s a governance tool - a list of toggles you can set up to turn off platform features. It’s also very easy to bypass.