AAD Kill chain

AAD Kill chain (aadinternals.com) discusses the Azure AD (now Entra ID) and Microsoft 365 kill chain, a collection of reconnaissance techniques and hacking tools for Microsoft cloud services. Here are the key points:

  • Roles and Targets: The kill chain includes roles like outsider, guest, insider, admin, and on-prem admin, each aiming to escalate their access level.
  • Recon Techniques: Outsiders can extract information using public APIs and DNS queries, while guests and users can gather data using Microsoft APIs.
  • Admin Capabilities: Admins have unlimited access to tenant settings, and on-prem admins can exploit Azure AD Connect credentials to gain cloud admin rights.
  • Security Risks: The document highlights various methods attackers use to gain unauthorized access and the potential harm they can cause.

In summary, good reading for anyone needing a security update on what is configurable at the M365 level!
