cloudtoolkit Interactive multi-cloud security assessment framework. Capability overview Providers Payload Supported Alibaba Cloud backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot....
SpecterBroker Advanced Windows authentication token extraction and decryption tool for red team operations and security research. SpecterBroker is a comprehensive post-exploitation tool designed for extracting and decrypting Windows authentication tokens from multiple sources. It targets...
A security researcher operating under the pseudonym Magic Claw has inaugurated LOLAPI, a structured compendium of systemic APIs frequently subverted by adversaries in orchestrated incursions. This repository serves as a profound knowledge base, elucidating...
The artificial intelligence industry demands ever-greater computational power, and large-scale models no longer fit within traditional cloud platforms. In response, Microsoft is developing Fairwater, a new class of data-center infrastructure engineered for training neural...
Microsoft has severed its partnership with Israel’s military intelligence unit Unit 8200, cutting off its access to the company’s cloud infrastructure and artificial intelligence services. The decision followed revelations that Microsoft’s technologies had been...
msInvader is an adversary simulation tool designed for blue teams to simulate real-world attack techniques within M365 and Azure environments. By generating realistic attack telemetry, msInvader empowers detection engineers, SOC analysts, and threat hunters...
Microsoft narrowly avoided a vulnerability that could have led to the mass compromise of its cloud customers: Dutch researcher Dirk-jan Mollema uncovered two interrelated flaws in the Entra ID identity management service (formerly Azure...
A newly disclosed vulnerability in the HTTP/2 protocol, dubbed MadeYouReset (CVE-2025-8671), was revealed on August 13, 2025. The flaw allows an attacker to send specially crafted protocol frames that force the server to repeatedly...
According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional on-premises ransomware campaigns to tactics centered on cloud services. Whereas in the past attackers deployed encryptors onto...
Microsoft has introduced a new mechanism known as Nested App Authentication (NAA), which is steadily becoming a key component of the company’s cloud ecosystem. The concept is straightforward: if a user has already signed...
Israel’s military intelligence unit, Unit 8200—specializing in cyber-espionage and electronic surveillance—has been using Microsoft’s cloud servers to store a vast archive of data on residents of Gaza and the West Bank. This trove, leveraged...
MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs comprehensive enumeration without requiring authentication, helping identify potential security misconfigurations and attack...
