Tag
medium
advisory
Unauthorized Modification of Azure Conditional Access Policy
2 rules 2 TTPsAn unauthorized actor modifies an Azure Conditional Access policy, potentially leading to privilege escalation, credential access, persistence, or defense impairment.
Azure Active Directory
azure
conditional-access
policy-modification
attack.privilege-escalation
attack.credential-access
attack.persistence
attack.defense-impairment
attack.t1548
+1
2r
2t
medium
advisory
User Added to Group with Conditional Access Policy Modification Access
3 rules 4 TTPsAn attacker adds a user to a privileged Azure Active Directory group with permissions to modify Conditional Access policies, potentially leading to privilege escalation, credential access, persistence, and defense impairment.
Azure Active Directory
attack.privilege-escalation
attack.credential-access
attack.persistence
attack.defense-impairment
attack.t1548
attack.t1556
3r
4t
medium
advisory
Unauthorized Conditional Access Policy Creation in Azure AD
2 rules 1 TTPAn unauthorized actor created a new Conditional Access policy in Azure AD, potentially leading to privilege escalation and unauthorized access.
Azure Active Directory
azure
conditional-access
privilege-escalation
attack.privilege-escalation
attack.t1548
2r
1t
medium
advisory
AWS STS AssumeRole Misuse for Lateral Movement and Privilege Escalation
1 rule 2 TTPsAbuse of AWS STS AssumeRole can allow attackers to move laterally within an AWS environment and escalate privileges, potentially leading to unauthorized access to sensitive resources and data.
AWS STS
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
1r
2t