AAD Kill chain (aadinternals.com) discusses the Azure AD (now Entra ID) and Microsoft 365 kill chain, a collection of reconnaissance techniques and hacking tools for Microsoft cloud services. Here are the key points:
- Roles and Targets: The kill chain includes roles like outsider, guest, insider, admin, and on-prem admin, each aiming to escalate their access level.
- Recon Techniques: Outsiders can extract information using public APIs and DNS queries, while guests and users can gather data using Microsoft APIs.
- Admin Capabilities: Admins have unlimited access to tenant settings, and on-prem admins can exploit Azure AD Connect credentials to gain cloud admin rights.
- Security Risks: The document highlights various methods attackers use to gain unauthorized access and the potential harm they can cause.
In summary, good reading for anyone needing a security update on what is configurable at the M365 level!