Azure#

ATT&CK Navigator View#

Table View#

Created

Action

Description

Author

2021-11-01

Admin promotion via Directory Role Permission Grant

A campaign to simulate a threat actor granting the Microsoft Graph RoleManagement.ReadWrite.Directory (application) permission to an Azure service principal and using the new permissions to add an Azure AD object or user account to an Admin directory role (i.e. Global Administrators).

Roberto Rodriguez @Cyb3rWard0g

2022-05-01

Azure AD Light Discovery

A campaign to simulate a threat actor disovering Azure AD users, applications, service principals, groups and directory roles.

Roberto Rodriguez @Cyb3rWard0g

2022-04-28

Add New Password Credential to Azure AD Application and Read Mail

A campaign to simulate a threat actor adding password credentials to an Azure AD application, getting an access token with the new credentials and reading mail from a specific user via MS Graph with the security context of the Azure AD application.

Roberto Rodriguez @Cyb3rWard0g