Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vectra-ai-research/MAAD-AF
MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
adversary-emulation azuread cloud-administration cloud-security entra-id identity-access-management microsoft microsoft-azure-security microsoft-graph microsoft365 mitre powershell red-team security security-testing ttp
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/vectra-ai-research/MAAD-AF
- Owner: vectra-ai-research
- License: gpl-3.0
- Created: 2023-02-09T02:08:07.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-09T20:25:46.000Z (4 months ago)
- Last Synced: 2024-09-10T01:15:05.751Z (4 months ago)
- Topics: adversary-emulation, azuread, cloud-administration, cloud-security, entra-id, identity-access-management, microsoft, microsoft-azure-security, microsoft-graph, microsoft365, mitre, powershell, red-team, security, security-testing, ttp
- Language: PowerShell
- Homepage: https://maad-af.com
- Size: 516 KB
- Stars: 347
- Watchers: 13
- Forks: 52
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# MAAD Attack Framework
![MAAD_Logo](images/MAAD_AF.png)
MAAD-AF is an open-source cloud attack tool for Microsoft 365 & Entra ID (Azure AD) environments. MAAD-AF offers simple, fast and effective security testing. Validate Microsoft cloud controls and test detection & response capabilities with a virtually zero-setup process, complete with a fully interactive workflow for executing emulated attacks.
MAAD-AF is developed natively in PowerShell.
## Usage
1. Clone or download MAAD-AF from GitHub
2. Start PowerShell as Admin and navigate to MAAD-AF directory
```
> git clone https://github.com/vectra-ai-research/MAAD-AF.git
> cd MAAD-AF
```
3. Launch MAAD-AF
```
> .\MAAD_Attack.ps1
# Launch and bypass dependency checks
> .\MAAD_Attack.ps1 -ForceBypassDependencyCheck
```
## Requirements
1. Windows host
2. PowerShell 5.1
## Features
- Attack emulation tool
- Fully interactive (no-commands) workflow
- Zero-setup deployment
- Ability to revert actions for post-testing cleanup
- Leverage MITRE ATT&CK
- Emulate post-compromise attack techniques
- Attack techniques for Entra ID (Azure AD)
- Attack techniques for Exchange Online
- Attack techniques for Teams
- Attack techniques for SharePoint
- Attack techniques for eDiscovery
## MAAD-AF Techniques
- Recon data from various Microsoft services
- Backdoor Account Setup
- Trusted Network Modification
- Mailbox Audit Bypass
- Disable Anti-Phishing in Exchange
- Mailbox Deletion Rule Setup
- Exfiltration through Mail Forwarding
- Gain User Mailbox Access
- Setup External Teams Access
- Exploit Cross Tenant Synchronization
- eDiscovery exploitation for data recon & exfil
- Bruteforce credentials
- MFA Manipulation
- User Account Deletion
- SharePoint exploitation for data recon & exfil
- [More...](https://openrec0n.github.io/maad-af-docs/)
## Contribute
- Thanks for considering contributing to MAAD-AF! Your contributions will help make MAAD-AF better.
- Submit your PR to the main branch.
- Submit bugs & issues directly to [GitHub Issues](https://github.com/vectra-ai-research/MAAD-AF/issues)
- Share ideas in [GitHub Discussions](https://github.com/vectra-ai-research/MAAD-AF/discussions)
## Contact
If you found MAAD-AF useful or want to share an interesting use case or idea, reach out and share it.
- Maintainer : [Arpan Sarkar](https://www.linkedin.com/in/arpan-sarkar/)
- Email : [[email protected]](mailto:[email protected])