Jeffrey Gaor

Jeffrey is a Vice President of Cybersecurity Assessment specializing in Offensive Security, with over a decade of experience in Penetration Testing, Vulnerability Management, Cyber Threat Intelligence, and Security Operations. He has led and delivered security assessments for businesses, enterprises, and government agencies, identifying and mitigating critical vulnerabilities across networks, Active Directory, web applications, APIs, wireless networks, and mobile platforms (iOS & Android).

As a recognized expert, Jeffrey actively participates in bug bounty programs and has been acknowledged by top organizations, including Apple, Oracle, Toyota, and Morgan Stanley. His research has contributed to the discovery of multiple vulnerabilities, earning him four CVE IDs.

In May 2024, he presented an API scanning tool at the Black Hat Arsenal in Singapore, designed to enhance security and detect vulnerabilities in API applications.

Upcoming Talk for 2025:
https://www.rootcon.org/html/rc19/speakers#offlineisnewluxury


Session

09-05
14:00
40min
The Silent Data Breach: Unintended Exposure of Sensitive Information in Microsoft Enterprise Enrollment, Entra, and Intune
Jeffrey Gaor, Parameswaran

This talk reveals a silent but critical misconfiguration in Microsoft Enterprise Enrollment that allows any authenticated user to export sensitive enterprise user data, including emails, job roles, and contact info, without elevated permissions. We'll uncover how this overlooked flaw can lead to data breaches and share best practices for securely configuring Azure to prevent similar risks.

Track 1