Tag
medium
advisory
Unauthorized Modification of Azure Conditional Access Policy
2 rules, 2 TTPs
An unauthorized actor modifies an Azure Conditional Access policy, potentially leading to privilege escalation, credential access, persistence, or defense impairment.
Azure Active Directory
azure
conditional-access
policy-modification
attack.privilege-escalation
attack.credential-access
attack.persistence
attack.defense-impairment
attack.t1548
medium
advisory
Azure AD Root Certificate Authority Added for Passwordless Authentication
2 rules, 4 TTPs
An attacker may add a new root certificate authority to an Azure AD tenant to support certificate-based authentication for persistence, privilege escalation, or defense evasion.
Azure Active Directory
attack.credential-access
attack.persistence
attack.privilege-escalation
attack.defense-impairment
attack.t1556
medium
advisory
User Added to Group with Conditional Access Policy Modification Access
3 rules, 4 TTPs
An attacker adds a user to a privileged Azure Active Directory group with permissions to modify Conditional Access policies, potentially leading to privilege escalation, credential access, persistence, and defense impairment.
Azure Active Directory
attack.privilege-escalation
attack.credential-access
attack.persistence
attack.defense-impairment
attack.t1548
attack.t1556