Guarding the Bridge: New Attack Vectors in Azure AD Connect
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Data Model Authentication Attempt - T1381 Credentials - T1589.001 Dcsync - T1003.006 Dns - T1071.004 Dns - T1590.002 Domain Accounts - T1078.002 Hooking - T1617 Hybrid Identity - T1556.007 Powershell - T1059.001 Process Injection - T1631 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090 Hooking - T1179 Powershell - T1086 Process Injection - T1055 Hooking
Show in Graph
Common Information
Type Value
UUID 0c44102d-c27d-4194-854f-b9eb8344b071
Fingerprint bd78cd49555023d5
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 2, 2023, midnight
Added to db Nov. 8, 2023, 10:45 p.m.
Last updated Nov. 12, 2024, 11:50 a.m.
Headline Guarding the Bridge: New Attack Vectors in Azure AD Connect
Title Guarding the Bridge: New Attack Vectors in Azure AD Connect
Detected Hints/Tags/Attributes 63/2/16
Source URLs
Redirection Url
Details Source https://blog.sygnia.co/guarding-the-bridge-new-attack-vectors-in-azure-ad-connect
URL Provider
Details Provider Source level domain
Details sygnia.co blog.sygnia.co
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 67 https://blog.sygnia.co/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 61 
login.microsoftonline.com
Details Domain 285 
microsoft.net
Details Domain 8 
sygnia.co
Details Domain 4 
aadinternals.com
Details Domain 10 
blog.xpnsec.com
Details Domain 11 
dirkjanm.io
Details Email 5 
contact@sygnia.co
Details File 1 
miiserver.exe
Details File 5 
machine.config
Details File 1 
loadclr.dll
Details File 1 
azureadconnect_abuse.dll
Details Url 9 
https://login.microsoftonline.com
Details Url 1 
http://login.microsoftonline.com
Details Url 1 
https://aadinternals.com/aadinternals
Details Url 1 
https://blog.xpnsec.com/azuread-connect-for-redteam
Details Url 1 
https://dirkjanm.io/updating-adconnectdump-a-journey-into-dpapi