Backdoor Office 365 and Active Directory - Golden SAML
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
#ADFS #SAML #Azure #Office365
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
#ADFS #SAML #Azure #Office365
Inversecos
Backdoor Office 365 and Active Directory - Golden SAML
Compromise of the AD FS server token-signing certificate could result in access to the Azure/Office365 environment by the attacker.
Oh365 User Finder
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.
https://github.com/dievus/Oh365UserFinder
#office365 #user #enumeration
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.
https://github.com/dievus/Oh365UserFinder
#office365 #user #enumeration