This post is part 2/5 of Azure AD and Microsoft 365 kill chain blog series. When sharing SharePoint with people outside the organisation or inviting them to Teams, a corresponding guest account is created in Azure AD. Although the created guest account is not a pure insider, it has wide read-only access to the organisation’s Azure AD information. In this blog, using AADInternals v0.4.0, I’ll show how to gather information from an Azure AD tenant as a guest user.| aadinternals.com
In my earlier blog post I explained how to create a backdoor to Azure AD using an identity federation vulnerability feature I discovered in 2017. In this blog post, I’ll explain how to create a backdoor using Seamless SSO and how to exploit it using forged Kerberos tickets.| aadinternals.com
Multi-factor Authentication (MFA) is nowadays a recommended method for providing extra protection for users. In most cases, it protects users from phishing attacks, as the attackers can’t log in even if they have the user’s credentials. In this blog, I’ll report my findings on how the Azure AD MFA works under the hood, and how I built a custom authenticator app for Android. I also introduce some methods by which a rogue administrator can bypass MFA when using a user’s compromised credentials.| aadinternals.com
This post is part 4/5 of Azure AD and Microsoft 365 kill chain blog series. Global Admin role is the most powerful administrator role in Azure AD. It is (almost) equivalent to the local system rights in a traditional Windows environment: If you are a Global Admin, there is no security! As a Global Admin, there are no limits to what you are allowed to do. For instance, one can easily access others’ data. But why bother, if you can as easily impersonate users? In this blog, using AADInternals v...| aadinternals.com