FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
โ˜ท
โ–ณ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

By: Zion3R

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services.

MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly.

Features

  • Pre & Post-compromise techniques
  • Simple interactive use
  • Virtually no-setup requirements
  • Attack modules for Azure AD
  • Attack modules for Exchange
  • Attack modules for Teams
  • Attack modules for SharePoint
  • Attack modules for eDiscovery

MAAD-AF Attack Modules

  • Azure AD External Recon (Includes sub-modules)
  • Azure AD Internal Recon (Includes sub-modules)
  • Backdoor Account Setup
  • Trusted Network Modification
  • Disable Mailbox Auditing
  • Disable Anti-Phishing
  • Mailbox Deletion Rule Setup
  • Exfiltration through Mailbox Forwarding
  • Gain User Mailbox Access
  • External Teams Access Setup (Includes sub-modules)
  • eDiscovery exploitation (Includes sub-modules)
  • Bruteforce
  • MFA Manipulation
  • User Account Deletion
  • SharePoint exploitation (Includes sub-modules)

Getting Started

Plug & Play - It's that easy!

  1. Clone or download the MAAD-AF github repo to your windows host
  2. Open PowerShell as Administrator
  3. Navigate to the local MAAD-AF directory (cd /MAAD-AF)
  4. Run MAAD_Attack.ps1 (./MAAD_Attack.ps1)

Requirements

  1. Internet accessible Windows host
  2. PowerShell (version 5 or later) terminal as Administrator
  3. The following PowerShell modules are required and will be installed automatically:

Tip: A 'Global Admin' privilege account is recommended to leverage full capabilities of modules in MAAD-AF

Limitations

  • MAAD-AF is currently only fully supported on Windows OS

Contribute

  • Thank you for considering contributing to MAAD-AF!
  • Your contributions will help make MAAD-AF better.
  • Join the mission to make security testing simple, fast and effective.
  • There's ongoing efforts to make the source code more modular to enable easier contributions.
  • Continue monitoring this space for updates on how you can easily incorporate new attack modules into MAAD-AF.

Add Custom Modules

  • Everyone is encouraged to come up with new attack modules that can be added to the MAAD-AF Library.
  • Attack modules are functions that leverage access & privileges established by MAAD-AF to exploit configuration flaws in Microsoft services.

Report Bugs

  • Submit bugs or other issues related to the tool directly in the "Issues" section

Request Features

  • Share those great ideas. Submit new features to add to the MAAD-AFs functionality.

Contact

  • If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason - I would love to hear from you. You can contact at: maad-af@vectra.ai or post in repository Discussions.


Monkey365 - Tool For Security Consultants To Easily Conduct Not Only Microsoft 365, But Also Azure Subscriptions And Azure Active Directory Security Configuration Reviews

By: noreply@blogger.com (Unknown) ยทย noreply@blogger.com (Unknown)


Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with this effort, Monkey365 also provides several ways to identify security gaps in the desired tenant setup and configuration. Monkey365 provides valuable recommendations on how to best configure those settings to get the most out of your Microsoft 365 tenant or Azure subscription.


Introduction

Monkey365 is a plugin-based PowerShell module that can be used to review the security posture of your cloud environment. With Monkey365 you can scan for potential misconfigurations and security issues in public cloud accounts according to security best practices and compliance standards, across Azure, Azure AD, and Microsoft365 core applications.

Installation

You can either download the latest zip by clicking this link or download Monkey365 by cloning the repository:

Once downloaded, you must extract the file and extract the files to a suitable directory. Once you have unzipped the zip file, you can use the PowerShell V3 Unblock-File cmdlet to unblock files:

Get-ChildItem -Recurse c:\monkey365 | Unblock-File

Once you have installed the monkey365 module on your system, you will likely want to import the module with the Import-Module cmdlet. Assuming that Monkey365 is located in the PSModulePath, PowerShell would load monkey365 into active memory:

Import-Module monkey365

If Monkey365 is not located on a PSModulePath path, you can use an explicit path to import:

Import-Module C:\temp\monkey365

You can also use the Force parameter in case you want to reimport the Monkey365 module into the same session

Import-Module C:\temp\monkey365 -Force

Basic Usage

The following command will provide the list of available command line options:

Get-Help Invoke-Monkey365

To get a list of examples use:

Get-Help Invoke-Monkey365 -Examples

To get a list of all options and examples with detailed info use:

Get-Help Invoke-Monkey365 -Detailed

The following example will retrieve data and metadata from Azure AD and SharePoint Online and then print results. If credentials are not supplied, Monkey365 will prompt for credentials.

$param = @{
    Instance = 'Microsoft365';
    Analysis = 'SharePointOnline';
    PromptBehavior = 'SelectAccount';
    IncludeAzureActiveDirectory = $true;
    ExportTo = 'PRINT';
}
$assets = Invoke-Monkey365 @param

Regulatory compliance checks

Monkey365 helps streamline the process of performing not only Microsoft 365, but also Azure subscriptions and Azure Active Directory Security Reviews.

160+ checks covering industry defined security best practices for Microsoft 365, Azure and Azure Active Directory.

Monkey365 will help consultants to assess cloud environment and to analyze the risk factors according to controls and best practices. The report will contain structured data for quick checking and verification of the results.

Supported standards

By default, the HTML report shows you the CIS (Center for Internet Security) Benchmark. The CIS Benchmarks for Azure and Microsoft 365 are guidelines for security and compliance best practices.

The following standards are supported by Monkey365:

  • CIS Microsoft Azure Foundations Benchmark v1.4.0
  • CIS Microsoft 365 Foundations Benchmark v1.4.0

More standards will be added in next releases (NIST, HIPAA, GDPR, PCI-DSS, etc..) as they are available.

Additional information such as Installation or advanced usage can be found in the following link



๐Ÿ’พ

โŒ