Attacking Entra Metaverse: Part 1
Tags
attack-pattern: | Data Credentials - T1589.001 Device Registration - T1098.005 Domains - T1583.001 Domains - T1584.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
Type | Value |
---|---|
UUID | 1aac579c-370d-4b2c-b359-a6f11602c1a8 |
Fingerprint | bb1842df0fc7c6dc |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 13, 2024, 4:45 p.m. |
Added to db | Dec. 13, 2024, 6:10 p.m. |
Last updated | Dec. 20, 2024, 6:24 p.m. |
Headline | Attacking Entra Metaverse: Part 1 |
Title | Attacking Entra Metaverse: Part 1 |
Detected Hints/Tags/Attributes | 28/1/16 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 196 | ✔ | Posts By SpecterOps Team Members - Medium | https://posts.specterops.io/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | adminwebservice.onmicrosoft.com |
|
Details | Domain | 2 | hybrid.hotnops.com |
|
Details | Domain | 3 | enterpriseregistration.windows.net |
|
Details | Domain | 2 | dc1-hybrid.hybrid.hotnops.com |
|
Details | Domain | 14 | dirkjanm.io |
|
Details | Domain | 6 | aadinternals.com |
|
Details | 1 | jack.burton@hybrid.hotnops.com |
||
Details | File | 2 | devicel.key |
|
Details | File | 2 | winhello.key |
|
Details | File | 2 | winhello_cert_req.cs |
|
Details | File | 2 | jack_burton.pfx |
|
Details | File | 37 | rubeus.exe |
|
Details | File | 2 | c:\keys\jack_burton.pfx |
|
Details | File | 4 | api.pdf |
|
Details | Url | 2 | https://dirkjanm.io/lateral-movement-and-hash-dumping-with-temporary-access-passes-microsoft-entra |
|
Details | Url | 2 | https://aadinternals.com/talks/attacking |