MAAD AF Save

MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).

Project README

MAAD Attack Framework

MAAD_Logo

MAAD-AF is an open-source cloud attack tool for Microsoft 365 & Entra ID(Azure AD) environments.

MAAD-AF offers simple, fast and effective security testing. Validate Microsoft cloud controls and test detection & response capabilities with a virutally zero-setup process, complete with a fully interactive workflow for executing emulated attacks.

MAAD-AF is developed natively in PowerShell.

Usage

  1. Clone or download MAAD-AF from GitHub
  2. Start PowerShell as Admin and navigate to MAAD-AF directory
> git clone https://github.com/vectra-ai-research/MAAD-AF.git
> cd /MAAD-AF
  1. Launch MAAD-AF
> MAAD_Attack.ps1 
# Launch and bypass dependency checks
> MAAD_Attack.ps1 -ForceBypassDependencyCheck

Requirements

  1. Windows host
  2. PowerShell 5.1

Features

  • Attack emulation tool
  • Fully interactive (no-commands) workflow
  • Zero-setup deployment
  • Ability to revert actions for post-testing cleanup
  • Leverage MITRE ATT&CK
  • Emulate post-compromise attack techniques
  • Attack techniques for Entra ID (Azure AD)
  • Attack techniques for Exchange Online
  • Attack techniques for Teams
  • Attack techniques for SharePoint
  • Attack techniques for eDiscovery

MAAD-AF Techniques

  • Recon data from various Microsoft services
  • Backdoor Account Setup
  • Trusted Network Modification
  • Mailbox Audit Bypass
  • Disable Anti-Phishing in Exchange
  • Mailbox Deletion Rule Setup
  • Exfiltration through Mail Forwarding
  • Gain User Mailbox Access
  • Setup External Teams Access
  • Exploit Cross Tenant Synchronization
  • eDiscovery exploitation for data recon & exfil
  • Bruteforce credentials
  • MFA Manipulation
  • User Account Deletion
  • SharePoint exploitation for data recon & exfil
  • More...

Contribute

  • Thanks for considering contributing to MAAD-AF! Your contributions will help make MAAD-AF better.
  • Submit your PR to the main branch.
  • Submit bugs & issues directly to GitHub Issues
  • Share ideas in GitHub Discussions

Contact

If you found MAAD-AF useful, want to share an interesting use-case or idea - reach out & share them

Open Source Agenda is not affiliated with "MAAD AF" Project. README Source: vectra-ai-research/MAAD-AF
Stars
329
Open Issues
2
Last Commit
4 weeks ago
Repository
vectra-ai-research/MAAD-AF
License
GPL-3.0
Homepage
https://maad-af.com
Tags
Adversary Emulation Cloud Security Microsoft Microsoft Azure Security Mitre Powershell Red Team Security Security Testing Azuread Cloud Administration Identity Access Management Microsoft365 Entra Id Microsoft Graph Ttp

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?