APT
@APT_Notes
12.9K subscribers
550 photos
27 videos
24 files
890 links
This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
Download Telegram
About
Blog
Apps
Platform
Join
APT
12.9K subscribers
APT
Backdoor Office 365 and Active Directory - Golden SAML

https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html

#ADFS #SAML #Azure #Office365
Inversecos
Backdoor Office 365 and Active Directory - Golden SAML
Compromise of the AD FS server token-signing certificate could result in access to the Azure/Office365 environment by the attacker.
235 views
APT
CredMaster

Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.

The following plugins are currently supported:
— OWA
— EWS
— O365
— O365Enum
— MSOL
— Okta
— FortinetVPN
— HTTPBrute
ADFS
— AzureSSO

https://github.com/knavesec/CredMaster

#owa #o365 #adfs #password #spraying
🔥4
653 views
APT
📡 Relaying to ADFS Attacks

Praetorian has developed and is releasing an open source tool ADFSRelay and NTLMParse, which can be used for performing relaying attacks targeting ADFS and analyzing NTLM messages respectively.

https://www.praetorian.com/blog/relaying-to-adfs-attacks/

#ad #adfs #relay #ntlm
Praetorian
Relaying to ADFS Attacks
Overview During red team engagements over the last few years, I’ve been curious whether it would be possible to authenticate to cloud services such as Office365 via a relay from New Technology Lan Manager (NTLM) to Active Directory Federation Services (ADFS).…
❤‍🔥5🔥1
1.75K views