Backdoor Office 365 and Active Directory - Golden SAML
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
#ADFS #SAML #Azure #Office365
Compromise of the AD FS server token-signing certificate could result in access to the Azure/Office365 environment by the attacker.
AzureHunter
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
#azure #o365
ScoutSuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
# https://github.com/nccgroup/ScoutSuite
# https://github.com/nccgroup/sadcloud
#aws #azure #gcp #auditing #tool
Undetected Azure AD Bruteforce Attack
In late June 2021, Secureworks Counter Threat Unit researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
PoC:
https://github.com/treebuilder/aad-sso-enum-brute-spray
Research:
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
#sso #azure #ad #bruteforce #research
o365recon
Script to retrieve information via O365 and Azure AD using a valid credential.
https://github.com/nyxgeek/o365recon
#azure #recon #tools
Bloodhound Custom Queries
A collection of custom Cypher queries for BloodHound gathered from various sources, with categories added to match the newest version of BloodHound.
https://github.com/ZephrFish/Bloodhound-CustomQueries
#ad #azure #bloodhound #queries
Azure Threat Research Matrix
The purpose of the Azure Threat Research Matrix is to conceptualize the known TTPs that adversaries may use against Azure.
https://microsoft.github.io/Azure-Threat-Research-Matrix/
#azure #ttp #blueteam
☁️ Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
In this blog we will look at how this trust can be abused by an attacker who obtains Global Admin in Azure AD to elevate their privileges to Domain Admin in environments that have the Cloud Kerberos Trust set up. Since this technique is a consequence of the design of this trust type, the blog also highlights detection and prevention measures admins can implement.
https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust
#ad #azure #kerberos #research
azureOutlookC2 (boku7/azureOutlookC2 on GitHub)
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP...