Great post about current #Microsoft #Azure / #M365 attack tooling including #evilginx and #roadtools.

The posting also describes the automation from capturing tokens to exfiltrating data - good luck defenders when not automating the defense …

https://trustedsec.com/blog/the-triforce-of-initial-access

The Triforce of Initial Access

TrustedSec
@Flangvik - Tried your approach to use #roadtools to convert from an ESTS cookie. But it seems to be missing an option to use a custom UA so gets blocked..?

Want to understand how #M365 #AAD Conditional Access works and how #ThreatActors can bypass it?

Take a look at Beau Bullock's demo on using his #MFASweep tool and #ROADtools for pulling down the Conditional Access configuration.

#CloudForensics

https://youtu.be/SK1zgqaAZ2E

How to Find MFA Bypasses in Conditional Access Policies

YouTube