Jump to navigation Jump to search
Amazon - AWS
Microsoft - Azure
- AAD Connect Cloud Sync: as local admin impersonate or retrieve managed password of the provagentgMSA account to dcsync.
Microsoft Office 365 - o365
- Extremely in-depth technical info on everything https://o365blog.com
Google Cloud Platform - GCP
Cloud Hacking Tools
- https://github.com/nyxgeek/o365recon - Retrieve information via O365 and AzureAD with a valid cred
- https://github.com/dirkjanm/ROADtools - A collection of Azure AD tools for offensive and defensive security purposes
- https://github.com/fox-it/adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory
- https://github.com/LMGsec/o365creeper - Python script that performs e-mail address validation against Office 365 without submitting login attempts.
- https://github.com/rvrsh3ll/TokenTactics - Azure JWT Token Manipulation Toolset
- https://github.com/nyxgeek/onedrive_user_enum - OneDrive user enumeration - pentest tool to enumerate valid o365 users
- https://github.com/dafthack/MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
- https://github.com/dafthack/MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services