Azure AD (AAD)
A collection of offensive Azure AD and Microsoft 365 cheatsheets, covering enumeration, privilege escalation, persistence, and log evasion techniques used in cloud-based red teaming and post-exploitation scenarios.
Useful links
dirkjanm.io Blog AADInternals Blog List of Managed Identities Web applications Portal.az...
Overview of Azure & M365
A cheatsheet for targeting Azure & M365 environments, focusing on identity management, resource a...
Enumerate Users and Domains
A cheatsheet for targeting user and domain enumeration using public APIs and DNS suffixes to extr...
Post-exploitation Reconnaissance
A cheatsheet for post-exploitation reconnaissance targeting Active Directory tenant information, ...
Password Spraying M365
A cheatsheet for targeting Microsoft 365 accounts using password spraying techniques to bypass se...
OAuth 2.0 Abuse
A cheatsheet for OAuth 2.0 Abuse targeting unauthorized access by exploiting access tokens throug...
Abusing Device Code Authentication
A cheatsheet for exploiting Device Code Authentication to target Azure AD and Microsoft 365 accou...
Abusing Cloud Administrator Role
A cheatsheet for targeting cloud environments by abusing the Cloud Administrator role to gain una...
Abusing User Administrator Role
A cheatsheet for targeting unauthorized access and privilege escalation by abusing the User Admin...
AAD Federated Backdoor
A cheatsheet for targeting Azure Active Directory using a Federated Backdoor to impersonate users...
Malicious MFA Takeover
A cheatsheet for exploiting user accounts by registering new devices to gain persistent access th...
Service Principal Abuse
A cheatsheet for Service Principal Abuse targeting Azure applications to gain unauthorized SSO ac...
Compromising Azure Blobs and Storage Accounts
A cheatsheet for compromising Azure Blobs and Storage Accounts by targeting misconfigurations and...
Malicious Device Join
A cheatsheet for Malicious Device Join targeting Conditional Access Policy bypass through unautho...
Disabling Auditing (Unified Audit Logs)
A cheatsheet for disabling auditing in Unified Audit Logs, targeting the concealment of malicious...
Spoofing Azure Sign-In Logs
A cheatsheet for spoofing Azure Sign-In Logs, targeting the manipulation of AAD events to mislead...
Registering Fake Agents for Log Spoofing
A cheatsheet for automating log spoofing by registering fake agents to generate deceptive login e...
Pass the PRT
A cheatsheet for Pass the PRT, a technique targeting SSO-enabled devices in hybrid Azure environm...
Pass the Cookie
A cheatsheet for Pass the Cookie targeting the extraction and decryption of ESTSAUTH cookies to g...
Abusing Managed Identities
A cheatsheet for targeting misconfigured Managed Identities to exploit Azure resources and extrac...
Virtual Machine Abuse
A cheatsheet for abusing virtual machines to execute commands and facilitate lateral movement wit...
Attacking Key Vaults
A cheatsheet for targeting Key Vaults, including reading keys and secrets and modifying access po...