AAD & M365 kill chain

imageMapResize(); Introduction According to Verizon’s Data Breach Investigations Report 2020, externals attackers are considerable more common than internal attackers. In the cloud era, attacking the organisation from the outside is much more difficult, if not impossible. Therefore, to be able to access organisation’s data, one must gain some level of legitimate access to the organisation. The Azure AD and Microsoft 365 kill chain is a collection of recon techniques and hacking tools I’ve discovered and built during the last 10+ years while working with Microsoft cloud services.
Quest for guest access: Azure Active Directory reconnaissance as a guest

Quest for guest access: Azure Active Directory reconnaissance as a guest

This post is part 25 of Azure AD and Microsoft 365 kill chain blog series.

When sharing SharePoint to people outside the organisations or inviting them to Teams, a corresponding guest account is created to Azure AD. Although the created guest account is not a pure insider, it has wide read-only access to organisation’s Azure AD information.

In this blog, using AADInternals v0.4.0, I’ll show how to gather information from Azure AD tenant as a guest user.