Back to directory
WRITEUP #82

Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD

CloudPrivilege escalationLateral movement
by@IKalendarov(Ilan Kalendarov)
Program
Microsoft (Entra ID / Azure AD)
Published
Aug 15, 2024
Added to HackDex
Aug 26, 2024
Read Full Writeuphttps://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
RELATED WRITEUPS
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation
Escalating Privileges in Google Cloud via Open Groups
CloudPrivilege escalation
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
CloudPrivilege escalation
Exploiting Broken Authentication Control In GraphQL
CloudGraphQL

Built with ❤️ by Shubham Rawat