Atomic Red Team
Azure AD Atomic Tests by ATT&CK Tactic & Technique
credential-access
T1110.001 Brute Force: Password Guessing
Atomic Test #3: Brute Force Credentials of single Azure AD user [azure-ad]
T1110.002 Brute Force: Password Cracking
CONTRIBUTE A TEST
T1606.002 Forge Web Credentials: SAML token
Atomic Test #1: Golden SAML [azure-ad]
T1552 Unsecured Credentials
CONTRIBUTE A TEST
T1556.007 Hybrid Identity
CONTRIBUTE A TEST
T1110.003 Brute Force: Password Spraying
Atomic Test #4: Password spray all Azure AD users with a single password [azure-ad]
Atomic Test #7: Password Spray Microsoft Online Accounts with MSOLSpray (Azure/O365) [azure-ad]
T1649 Steal or Forge Authentication Certificates
CONTRIBUTE A TEST
T1528 Steal Application Access Token
CONTRIBUTE A TEST
T1606 Forge Web Credentials
CONTRIBUTE A TEST
T1621 Multi-Factor Authentication Request Generation
CONTRIBUTE A TEST
T1212 Exploitation for Credential Access
CONTRIBUTE A TEST
T1110 Brute Force
CONTRIBUTE A TEST
T1110.004 Brute Force: Credential Stuffing
CONTRIBUTE A TEST
T1556.006 Multi-Factor Authentication
CONTRIBUTE A TEST
T1556.009 Conditional Access Policies
CONTRIBUTE A TEST
T1556 Modify Authentication Process
CONTRIBUTE A TEST
impact
T1498.001 Direct Network Flood
CONTRIBUTE A TEST
T1499.003 Application Exhaustion Flood
CONTRIBUTE A TEST
T1499.004 Application or System Exploitation
CONTRIBUTE A TEST
T1498.002 Reflection Amplification
CONTRIBUTE A TEST
T1499.002 Service Exhaustion Flood
CONTRIBUTE A TEST
T1499 Endpoint Denial of Service
CONTRIBUTE A TEST
T1498 Network Denial of Service
CONTRIBUTE A TEST
discovery
T1069 Permission Groups Discovery
CONTRIBUTE A TEST
T1069.003 Cloud Groups
CONTRIBUTE A TEST
T1087 Account Discovery
CONTRIBUTE A TEST
T1087.004 Cloud Account
CONTRIBUTE A TEST
T1526 Cloud Service Discovery
CONTRIBUTE A TEST
T1538 Cloud Service Dashboard
CONTRIBUTE A TEST
defense-evasion
T1484.002 Domain Trust Modification
Atomic Test #1: Add Federation to Azure AD [azure-ad]
T1556.007 Hybrid Identity
CONTRIBUTE A TEST
T1078.001 Valid Accounts: Default Accounts
CONTRIBUTE A TEST
T1548 Abuse Elevation Control Mechanism
CONTRIBUTE A TEST
T1548.005 Temporary Elevated Cloud Access
CONTRIBUTE A TEST
T1078 Valid Accounts
CONTRIBUTE A TEST
T1556.006 Multi-Factor Authentication
CONTRIBUTE A TEST
T1562.008 Impair Defenses: Disable Cloud Logs
CONTRIBUTE A TEST
T1556.009 Conditional Access Policies
CONTRIBUTE A TEST
T1484 Domain or Tenant Policy Modification
CONTRIBUTE A TEST
T1550.001 Application Access Token
CONTRIBUTE A TEST
T1078.004 Valid Accounts: Cloud Accounts
CONTRIBUTE A TEST
T1556 Modify Authentication Process
CONTRIBUTE A TEST
privilege-escalation
T1484.002 Domain Trust Modification
Atomic Test #1: Add Federation to Azure AD [azure-ad]
T1098.003 Account Manipulation: Additional Cloud Roles
Atomic Test #1: Azure AD - Add Company Administrator Role to a user [azure-ad]
Atomic Test #2: Simulate - Post BEC persistence via user password reset followed by user added to company administrator role [azure-ad]
T1078.001 Valid Accounts: Default Accounts
CONTRIBUTE A TEST
T1548 Abuse Elevation Control Mechanism
CONTRIBUTE A TEST
T1548.005 Temporary Elevated Cloud Access
CONTRIBUTE A TEST
T1098.005 Device Registration
CONTRIBUTE A TEST
T1098.001 Account Manipulation: Additional Cloud Credentials
Atomic Test #1: Azure AD Application Hijacking - Service Principal [azure-ad]
Atomic Test #2: Azure AD Application Hijacking - App Registration [azure-ad]
T1098 Account Manipulation
Atomic Test #4: Azure AD - adding user to Azure AD role [azure-ad]
Atomic Test #5: Azure AD - adding service principal to Azure AD role [azure-ad]
Atomic Test #8: Azure AD - adding permission to application [azure-ad]
T1078 Valid Accounts
CONTRIBUTE A TEST
T1484 Domain or Tenant Policy Modification
CONTRIBUTE A TEST
T1078.004 Valid Accounts: Cloud Accounts
CONTRIBUTE A TEST
persistence
T1098.003 Account Manipulation: Additional Cloud Roles
Atomic Test #1: Azure AD - Add Company Administrator Role to a user [azure-ad]
Atomic Test #2: Simulate - Post BEC persistence via user password reset followed by user added to company administrator role [azure-ad]
T1556.007 Hybrid Identity
CONTRIBUTE A TEST
T1078.001 Valid Accounts: Default Accounts
CONTRIBUTE A TEST
T1098.005 Device Registration
CONTRIBUTE A TEST
T1098.001 Account Manipulation: Additional Cloud Credentials
Atomic Test #1: Azure AD Application Hijacking - Service Principal [azure-ad]
Atomic Test #2: Azure AD Application Hijacking - App Registration [azure-ad]
T1136.003 Create Account: Cloud Account
Atomic Test #2: Azure AD - Create a new user [azure-ad]
Atomic Test #3: Azure AD - Create a new user via Azure CLI [azure-ad]
T1098 Account Manipulation
Atomic Test #4: Azure AD - adding user to Azure AD role [azure-ad]
Atomic Test #5: Azure AD - adding service principal to Azure AD role [azure-ad]
Atomic Test #8: Azure AD - adding permission to application [azure-ad]
T1078 Valid Accounts
CONTRIBUTE A TEST
T1556.006 Multi-Factor Authentication
CONTRIBUTE A TEST
T1556.009 Conditional Access Policies
CONTRIBUTE A TEST
T1136 Create Account
CONTRIBUTE A TEST
T1078.004 Valid Accounts: Cloud Accounts
CONTRIBUTE A TEST
T1556 Modify Authentication Process
CONTRIBUTE A TEST
execution
T1059.009 Cloud API
CONTRIBUTE A TEST
T1059 Command and Scripting Interpreter
CONTRIBUTE A TEST
initial-access
T1078.001 Valid Accounts: Default Accounts
CONTRIBUTE A TEST
T1078 Valid Accounts
CONTRIBUTE A TEST
T1078.004 Valid Accounts: Cloud Accounts
CONTRIBUTE A TEST
lateral-movement
T1021.007 Cloud Services
CONTRIBUTE A TEST
T1550.001 Application Access Token
CONTRIBUTE A TEST