| property | value |
|---|---|
| tags | azure-cloud,offensive-tradecraft,recon |
| url | |
| original_word_count | 1535 |
Article Excerpt
Can you monitor or prevent reconnaissance or enumeration, especially reconnaissance (recon) in the cloud? Mostly not; it depends on the recon type. Recon for local (on-premises) resources, by contrast, can be challenging or more accessible (it depends).
Long Summary
Azure AD recon and enumeration are a critical part of any comprehensive security strategy. Recon is the process of gathering information about a target or system; enumeration is the process of actively probing and scanning a target to identify potential vulnerabilities and weaknesses. Recon itself comes in two main types: passive and active. Passive recon collects information from publicly available sources, such as social media, company websites, and news articles. Active recon probes and scans the target directly to identify potential vulnerabilities and weaknesses.
Microsoft provides the Azure Threat Research Matrix to help security professionals identify potential weaknesses in a system or network. In addition, various tools support recon and enumeration, such as AADInternals and Azurite. These tools can gather information about a target such as the tenant ID, tenant name, domains, mailboxes, email IDs, valid or invalid users, public Azure blobs, and other Azure services.
The Microsoft Cloud is built on three primary components: Tenant, Core-Domain, and Subscription. Microsoft Cloud can be reconned and enumerated in several ways: through publicly available APIs, manually, or with other tools. For example, the OpenID Configuration API can be used to gather login information, the token endpoint, and the device_authorization_endpoint. The UserRealm API can be used to gather the tenant's login information, including the tenant name and the domain's authentication type.
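To make concrete what these two unauthenticated endpoints disclose (and therefore what a defender cannot stop an outsider from learning about the tenant), here is an added example that is not from the original article: it parses constructed sample responses shaped like the OpenID configuration and UserRealm bodies and pulls out the tenant ID and the domain's authentication type. The field names follow the documented responses; the tenant GUID, domains and URLs are placeholders.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample bodies shaped like the two public endpoints named above.
# The GUID, domains and URLs are placeholders, not a real tenant.
TENANT = "11111111-2222-3333-4444-555555555555"
OPENID_CONFIG = json.dumps({
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "device_authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/devicecode",
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
})
USER_REALM_MANAGED = json.dumps({
    "NameSpaceType": "Managed", "DomainName": "example.com",
    "FederationBrandName": "Example Corp", "CloudInstanceName": "microsoftonline.com",
})
USER_REALM_FEDERATED = json.dumps({
    "NameSpaceType": "Federated", "DomainName": "example.org",
    "FederationBrandName": "Example Org", "AuthURL": "https://adfs.example.org/adfs/ls/",
})
USER_REALM_UNKNOWN = json.dumps({"NameSpaceType": "Unknown", "Login": "nobody@example.net"})

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)


def tenant_id_from_openid(body):
    """The tenant ID is not a named field: it is the first path segment of the
    endpoint URLs, so we extract the GUID from whichever endpoint carries it."""
    cfg = json.loads(body)
    for key in ("token_endpoint", "device_authorization_endpoint", "issuer"):
        match = GUID_RE.search(urlparse(cfg.get(key, "")).path)
        if match:
            return match.group(0)
    return None  # response did not look like an Azure AD tenant configuration


def realm_from_userrealm(body):
    """Classify how a domain authenticates from a getuserrealm.srf-style body."""
    d = json.loads(body)
    ns = d.get("NameSpaceType", "Unknown")
    return {
        "domain": d.get("DomainName"),
        "tenant_name": d.get("FederationBrandName"),
        "auth_type": ns,                          # Managed, Federated or Unknown
        "in_azure_ad": ns in ("Managed", "Federated"),
        "idp": d.get("AuthURL"),                  # only present for Federated domains
    }
```

Everything these two functions return comes back without any credential, which is why the answer to "can you prevent this recon" is mostly no; the useful defensive step is to know exactly which tenant ID, brand name and federation endpoint your own domains expose.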
AADInternals is a powerful tool for recon and enumeration. It can be used to gather the tenant ID, the OpenID configuration, and the credential type. It also has an Outsider mode, which extracts information from any tenant using only publicly available APIs and DNS queries. The Invoke-AADIntReconAsOutsider command starts tenant recon of the given domain and extracts information such as the tenant's type. Finally, the AADIntUserEnumerationAsOutsider command can be used to scan all of the users in a tenant.
In conclusion, Azure AD recon and enumeration are an important part of any comprehensive security strategy. Various tools and APIs support recon and enumeration, such as AADInternals and Azurite. These tools can gather information about a target such as the tenant ID, tenant name, domains, mailboxes, email IDs, valid or invalid users, public Azure blobs, and other Azure services. With the right tools and knowledge, security professionals can identify potential weaknesses and vulnerabilities in a system or network.
Short Summary
📓 Recon Azure AD
👉🏽 Can you monitor or prevent reconnaissance or enumeration, especially reconnaissance (recon) in the cloud? Mostly not; it depends on the recon type. Recon for local (on-premises) resources, by contrast, can be challenging or more accessible (it depends).
🔗 source link: https://cyberdom.blog/2023/01/14/recon-azure-ad/
🔗 summarized content: https://hut.threathunterz.com/battlefield-intel/articles-and-reports/recon-azure-ad
#AzureADrecon #Azureenum #securitystrategy #tools #MicrosoftCloud