Azure
Contents
Azure¶
Table View¶
Created |
Action |
Description |
Author |
---|---|---|---|
2021-08-05 |
A threat actor could get messages from the mailbox of the current user session via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor could get messages from the mailbox of a specific user via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to get metadata from Azure AD Applications via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-22 |
A threat actor might want to list the directory roles that are activated in the tenant via Microsoft Graph APIs and the right permissions. This operation only returns roles that have been activated. A role becomes activated when an admin activates the role using the Activate directoryRole API. Not all built-in roles are initially activated. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-22 |
A threat actor might want to list all the groups in an organization, including but not limited to Microsoft 365 groups via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-09-30 |
A threat actor might want to list members of an Azure AD group or directory role via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-09-08 |
A threat actor might want to retrieve a list of oAuth2PermissionGrant objects, representing delegated permissions which have been granted for client applications to access APIs on behalf of signed-in users via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-09-30 |
A threat actor might want to list owners of an Azure AD application or service principal via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-09-30 |
A threat actor might want to collect information from Azure AD such as users, applications, service principals, groups and directory roles via Microsoft Graph APIs and analyze it all in a graph way. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to get metadata from Azure AD service principals via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to list all users in Azure AD via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to add an owner to an Azure AD application via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to add a password to an Azure AD application for persistence purposes via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-10-16 |
A threat actor might want to add a new member to a directory role (e.g. Domain Administrator) via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-09-13 |
A threat actor might want to add a member to a Microsoft 365 group or a security group through the members navigation property via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to add an owner to a service principal via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to add a password to a service principal for persistence purposes via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to add a new domain to the tenant via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to grant permissions (Delegated or Application) to an Azure AD application (Service Principal) via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to register a new Azure AD application for persistence purposes via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to create a service principal for an existing Azure AD application via Microsoft Graph APIs and the right permissions. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |
|
2021-08-05 |
A threat actor might want to update the required resource access property of an Azure AD application via Microsoft Graph APIs and the right permissions. The requiredResourceAccess property of an application specifies resources that the application requires access to and the set of OAuth permission scopes (delegated) and application roles (application) that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience. This does not grant permissions consent. |
Roberto Rodriguez @Cyb3rWard0g, MSTIC R&D |