Tag: Entra ID
-
EvilMist: The Ultimate Swiss Army Knife for Azure and Entra ID Red Teaming
EvilMist is a collection of scripts and utilities designed to support cloud security configuration audit, cloud penetration testing & cloud red teaming. The toolkit helps identify misconfigurations, assess privilege-escalation paths, and simulate attack techniques. EvilMist aims to streamline cloud-focused red-team workflows and improve the overall security posture of cloud infrastructures Tools Unauthenticated Entra ID Enumeration…
-
The Serverless Spectre: How TokenFlare is Redefining M365 Phishing with Built-In Intune Bypasses
TokenFlare Serverless AITM Phishing Simulation Framework for Entra ID / M365 Features Lean: Core logic (in src/worker.js only ~530 lines of JavaScript). Modular: Supports a number of OAuth flows, with Intune Conditional Access bypass support out of the box Easily tweaked: Set up client branding, URL structure (custom lure path and parameter), final redirect after completing auth, and more,…
-
Forging the Keys: Inside SAMLSmith, the C# Framework for Golden & Silver SAML Attacks
SAMLSmith is a C# tool for generating custom SAML responses and implementing Silver SAML and Golden SAML attacks. It provides comprehensive functionality for security researchers and penetration testers working with SAML-based authentication systems. Use SAMLSmith provides four primary commands for different operational scenarios: Command Purpose Input Method generate SAML response generation Command line parameters generateJSON…
-
Critical Blunder: HP Update Bricks Corporate Laptops By Deleting Cloud Certs
On corporate HP laptops equipped with AI chips, a widespread connectivity failure with Microsoft’s cloud services occurred after an automatic update of HP OneAgent (version 1.2.50.9581) inadvertently deleted system certificates responsible for maintaining trust between Windows and Entra ID. As a result, affected devices lost their cloud registration, and users, after rebooting, could sign in…
-
Microsoft Teams: New Report Exposes How APTs and Ransomware Groups Weaponize Collaboration Features to Breach Enterprises
The Microsoft Teams messenger, widely used for corporate communication, has increasingly become a convenient arena for cyberattacks. According to the Microsoft Threat Intelligence team, malicious actors are actively exploiting the platform for a broad range of purposes — from intelligence gathering and social engineering to malware distribution and data theft. Teams attracts both financially motivated…
-
Microsoft Averts Mass Cloud Takeover Due to Azure Flaw
Microsoft narrowly avoided a vulnerability that could have led to the mass compromise of its cloud customers: Dutch researcher Dirk-jan Mollema uncovered two interrelated flaws in the Entra ID identity management service (formerly Azure Active Directory), which, when combined, allowed an attacker to gain global administrator privileges and effectively seize control of any Azure tenant.…
-
How Storm-0501 is Pivoting to Cloud-Native Attacks
According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional on-premises ransomware campaigns to tactics centered on cloud services. Whereas in the past attackers deployed encryptors onto victims’ computers and servers, they now operate without conventional malware. By exploiting the built-in capabilities of cloud platforms, they rapidly exfiltrate…
-
Passkeys Are Not Phishing-Proof: A New Attack Bypasses Passwordless Security
Although passkeys are promoted as a passwordless, phishing-resistant, and inherently secure authentication method, Proofpoint researchers warn that such protection can be bypassed with relative ease. Under certain conditions, an attacker can force a user to revert to an outdated and vulnerable form of authentication—effectively nullifying the benefits of the new technology. The researchers stress that…
-
EntraFalcon: PowerShell Tool for Microsoft Entra ID Security Audits
EntraFalcon is a PowerShell-based assessment tool for pentesters, security analysts, and system administrators to evaluate the security posture of a Microsoft Entra ID environment. Designed for ease of use, EntraFalcon runs on PowerShell 5.1 and 7, supports both Windows and Linux, and requires no external dependencies or Microsoft Graph API consent. The tool helps uncover…