Extensible Azure Security Tool (Later referred as E.A.S.T) is tool for assessing Azure and to some extent Azure AD security controls. Primary use case of EAST is Security data collection for evaluation in Azure Assessments. This information (JSON content) can then be used in various reporting tools, which we use to further correlate and investigateRead More
The BloodHound data collector for Microsoft Azure Get AzureHound Release Binaries Download the appropriate binary for your platform from one of our Releases. Rolling Release The rolling release contains pre-built binaries that are automatically kept up-to-date with the main branch and can be downloaded from here. Warning: The rolling release may be unstable. Compiling PrerequisitesRead More
AzureGraph is an Azure AD information gathering tool over Microsoft Graph. Thanks to Microsoft Graph technology, it is possible to obtain all kinds of information from Azure AD, such as users, devices, applications, domains and much more. This application, allows you to query this data through the API in an easy and simple way throughRead More
Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with this effort, Monkey365 also provides several ways toRead More
Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic. The current list of tools can be found below with a brief description of their functionality. ./Device_Code/device_code_easy_mode.py Generates a code to be entered by the target user Can be used for general token generation or during a phishing/social engineering campaign. ./Access_Tokens/token_juggle.pyRead More
Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel. DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment. Overview Sentinel ATT&CK provides the following tools: An ARM template to automatically deploy Sentinel ATT&CK to yourRead More
Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more. The Most Valuable Cmdlets This toolkit brings lots of variousRead More
This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts. ThisRead More
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus Setup Create an Azure Service Bus Create a Shared access policy (Connection string) that can only Send and Listen Edit the static connectionString variable in Beacon C# projects to match the “Primary Connection String” value for the Shared access policy created inRead More
This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard-to-find permissions and configuration settings in order to assist organizations in securing these environments. Exchange Online (O365): Federation Configuration Federation Trust Client Access Settings Configured on Mailboxes Mail Forwarding Rules for Remote Domains Mailbox SMTP Forwarding Rules Mail TransportRead More
