Advanced Search
Search Results
4 total results found
Pass the PRT
This attack exploits devices with SSO enabled in hybrid Azure environments. PRTs can authenticate into any application, bypass MFA with the built-in MFA claim and satisfy every conditional access policy. This attack leverages the native presence of the Browser...
Pass the Cookie
If a user has an active logon session on Azure or M365, the browser stores a cookie called ESTSAUTH cookie which can be exposed or stolen from the browser cache, a memory dump of running processes, malicious browser extensions and the Chrome cookies file. The ...
Abusing Managed Identities
Managed Identities are a type of Service Principal and they are used by applications to obtain tokens for authentication without need to manage credentials. We'll see how a misconfigured Managed Identity can allow an attacker to access resources in the same re...
Virtual Machine Abuse
This section is highly dependent on the Abusing Managed Identities module so i recommend checking that out first and then coming back to this ʕ •ᴥ•ʔ The setup is the same and the attack assumes you compromised a Linux-based VM and we can use it to execute comm...