AAD

Some (mostly) conceptual notes about AAD

Useful LinksOverview of Azure & M365Enumerate Users and DomainsPost-exploitation ReconnaissanceOAuth 2.0 AbuseAbusing Device Code AuthenticationAbusing Cloud Administrator RoleAbusing User Administrator RoleAAD Federated BackdoorService Principal AbuseCompromising Azure Blobs and Storage AccountsMalicious Device JoinDisabling Auditing (Unified Audit Logs)Spoofing Azure Sign-In LogsRegistering Fake Agents for Log SpoofingPass the PRTPass the CookieAbusing Managed IdentitiesVirtual Machine AbuseAttacking Key Vaults
PreviousLOLBIN EnumerationNextUseful Links