Backdoor Office 365 and Active Directory - Golden SAML
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
#ADFS #SAML #Azure #Office365
Compromise of the AD FS server token-signing certificate could result in access to the Azure/Office365 environment by the attacker.
AzureHunter
A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
#azure #o365
ScoutSuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
# https://github.com/nccgroup/ScoutSuite
# https://github.com/nccgroup/sadcloud
#aws #azure #gcp #auditing #tool
Undetected Azure AD Bruteforce Attack
In late June 2021, Secureworks Counter Threat Unit researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
PoC:
https://github.com/treebuilder/aad-sso-enum-brute-spray
Research:
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
#sso #azure #ad #bruteforce #research
o365recon
Script to retrieve information via O365 and AzureAD with a valid cred.
https://github.com/nyxgeek/o365recon
#azure #recon #tools
Bloodhound Custom Queries
A combination of custom cypher queries from various sources for BloodHound, added categories to match newest version of BH.
https://github.com/ZephrFish/Bloodhound-CustomQueries
#ad #azure #bloodhound #queries
Azure Threat Research Matrix
The purpose of the Azure Threat Research Matrix is to conceptualize the known TTPs that adversaries may use against Azure.
https://microsoft.github.io/Azure-Threat-Research-Matrix/
#azure #ttp #blueteam