Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with

Code Keepers: Mastering Non-Human Identity Management

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials

As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis

Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management

Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with firewalls. On top of that, most cybersecurity risks are caused by just a few superusers – typically one out of 200 users. There’s a company aiming to fix the gap between traditional PAM and IdM

Unified Identity – look for the meaning behind the hype!

If you've listened to software vendors in the identity space lately, you will have noticed that “unified” has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits!  However (there is always a however, right?) not every “unified” “identity” “security” “platform” is made equal. Some vendors call the

Getting off the Attack Surface Hamster Wheel: Identity Can Help

IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it.  The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is a web service that enables

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service

New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The attacker has issued several new TLS certificates using Let's Encrypt service which were used to hijack encrypted STARTTLS

Think Your MFA and PAM Solutions Protect You? Think Again

When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity

Webinar - Making PAM Great Again: Solving the Top 5 Identity Team PAM Challenges

Privileged Access Management (PAM) solutions are widely acknowledged as the gold standard for securing critical privileged accounts. However, many security and identity teams face inherent obstacles during the PAM journey, hindering these solutions from reaching their full potential. These challenges deprive organizations of the resilience they seek, making it essential to address them

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company has informed the concerned

5 Reasons Why Access Management is the Key to Securing the Modern Workplace

The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has led to superhuman levels of productivity that we wouldn't ever want to give up. But moving fast comes at a cost. And for

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services.

MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly.

Features

• Pre & Post-compromise techniques
• Simple interactive use
• Virtually no-setup requirements
• Attack modules for Azure AD
• Attack modules for Exchange
• Attack modules for Teams
• Attack modules for SharePoint
• Attack modules for eDiscovery

MAAD-AF Attack Modules

• Azure AD External Recon (Includes sub-modules)
• Azure AD Internal Recon (Includes sub-modules)
• Backdoor Account Setup
• Trusted Network Modification
• Disable Mailbox Auditing
• Disable Anti-Phishing
• Mailbox Deletion Rule Setup
• Exfiltration through Mailbox Forwarding
• Gain User Mailbox Access
• External Teams Access Setup (Includes sub-modules)
• eDiscovery exploitation (Includes sub-modules)
• Bruteforce
• MFA Manipulation
• User Account Deletion
• SharePoint exploitation (Includes sub-modules)

Getting Started

Plug & Play - It's that easy!

1. Clone or download the MAAD-AF github repo to your windows host
2. Open PowerShell as Administrator
3. Navigate to the local MAAD-AF directory (cd /MAAD-AF)
4. Run MAAD_Attack.ps1 (./MAAD_Attack.ps1)

Requirements

1. Internet accessible Windows host
2. PowerShell (version 5 or later) terminal as Administrator
3. The following PowerShell modules are required and will be installed automatically:

• Az
• AzureAd
• MSOnline
• ExchangeOnlineManagement
• MicrosoftTeams
• AzureADPreview
• ADInternals
• ExchangePowershell
• Microsoft.Online.SharePoint.PowerShell
• PnP.PowerShell

Tip: A 'Global Admin' privilege account is recommended to leverage full capabilities of modules in MAAD-AF

Limitations

• MAAD-AF is currently only fully supported on Windows OS

Contribute

• Thank you for considering contributing to MAAD-AF!
• Your contributions will help make MAAD-AF better.
• Join the mission to make security testing simple, fast and effective.
• There's ongoing efforts to make the source code more modular to enable easier contributions.
• Continue monitoring this space for updates on how you can easily incorporate new attack modules into MAAD-AF.

Add Custom Modules

• Everyone is encouraged to come up with new attack modules that can be added to the MAAD-AF Library.
• Attack modules are functions that leverage access & privileges established by MAAD-AF to exploit configuration flaws in Microsoft services.

Report Bugs

• Submit bugs or other issues related to the tool directly in the "Issues" section

Request Features

• Share those great ideas. Submit new features to add to the MAAD-AFs functionality.

Contact

• If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason - I would love to hear from you. You can contact at: maad-af@vectra.ai or post in repository Discussions.

"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?

Privileged Access Management (PAM) solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the harsh reality is that the vast majority of PAM projects either become a years-long project, or even