Search Results

5 total results found

Malicious MFA Takeover

Azure AD (AAD)

This technique is pretty simple, as it only consists of "backdooring" user accounts that don't have MFA set up; if an attacker controls one of these accounts, it's possible to register new devices under that user's account. A simple way to get the MFA status of ...

AAD Persistence

Service Principal Abuse

Azure AD (AAD)

This persistence method consists of backdooring Azure applications, leveraging the permissions of an SP account to gain SSO access to the environment with the permissions of that application, without the need for credentials. The main benefits of attacking SP ac...

AAD Persistence

Compromising Azure Blobs and Storage Accounts

Azure AD (AAD)

Storage Accounts are high-value targets in a tenant if an attacker is looking to exfiltrate sensitive data. What we'll focus on in this section is a common misconfiguration that exposes access keys for the storage account itself, allowing an attacker to downloa...

AAD Persistence

Malicious Device Join

Azure AD (AAD)

This technique allows bypassing Conditional Access Policies based on device ownership. Since devices are identified with certificates created during the registration process, all we need is access to a user account that can register a new device that can be se...

AAD Persistence

AAD Federated Backdoor

Azure AD (AAD)

The gist of this persistence technique is creating a malicious domain inside a target tenant and using the newly created domain to impersonate any user from the tenant in M365. This method requires a high-privilege account to be compromised (or gained) such as D...

AAD Persistence