SPA is for Single-Page Abuse! - Using Single-Page Application Tokens to Enumerate Azure
Tags
cmtmf-attack-pattern: Command-Line Interface
attack-pattern: Data Command-Line Interface - T1605 Conditional Access Policies - T1556.009 Javascript - T1059.007 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Web Services - T1583.006 Web Services - T1584.006 Command-Line Interface - T1059 Connection Proxy - T1090 Powershell - T1086 Command-Line Interface
Show in Graph
Common Information
Type Value
UUID 279d38a9-58fe-4372-89bb-fca889094f50
Fingerprint 3c6b8e192f9b62d5
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 10, 2024, 4:04 p.m.
Added to db Dec. 10, 2024, 5:21 p.m.
Last updated Dec. 26, 2024, 11:04 a.m.
Headline SPA is for Single-Page Abuse! - Using Single-Page Application Tokens to Enumerate Azure
Title SPA is for Single-Page Abuse! - Using Single-Page Application Tokens to Enumerate Azure
Detected Hints/Tags/Attributes 51/2/18
Source URLs
Redirection Url
Details Redirection https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fspa-is-for-single-page-abuse-using-single-page-application-tokens-to-enumerate-azure-8c38dc77e409%3Fsource%3Drss----f05f8696e3cc---4
Details Source https://posts.specterops.io/spa-is-for-single-page-abuse-using-single-page-application-tokens-to-enumerate-azure-8c38dc77e409?gi=0411e8fa023f&source=rss----f05f8696e3cc---4
Details Redirection https://posts.specterops.io/spa-is-for-single-page-abuse-using-single-page-application-tokens-to-enumerate-azure-8c38dc77e409?source=rss----f05f8696e3cc---4
Details Redirection https://posts.specterops.io/spa-is-for-single-page-abuse-using-single-page-application-tokens-to-enumerate-azure-8c38dc77e409?source=rss------cybersecurity-5
Details Redirection https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fspa-is-for-single-page-abuse-using-single-page-application-tokens-to-enumerate-azure-8c38dc77e409%3Fsource%3Drss------cybersecurity-5
Details Source https://posts.specterops.io/spa-is-for-single-page-abuse-using-single-page-application-tokens-to-enumerate-azure-8c38dc77e409?gi=abb964b7fb4b&source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
Details specterops.io posts.specterops.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Details 196 Posts By SpecterOps Team Members - Medium https://posts.specterops.io/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
bloomreach.com
Details Domain 242 
learn.microsoft.com
Details Domain 9 
www.office.com
Details Domain 34 
portal.azure.com
Details Domain 3 
www.microsoft365.com
Details Domain 6 
management.core.windows.net
Details Domain 40 
graph.microsoft.com
Details Domain 3 
graph.microsoft.net
Details Domain 70 
login.microsoftonline.com
Details Domain 308 
microsoft.net
Details Domain 422 
microsoft.com
Details Domain 11 
graph.windows.net
Details File 6 
management.core
Details IPv4 1583 
127.0.0.1
Details Url 3 
https://learn.microsoft.com/en-us/entra/identity-platform/index-spa
Details Url 3 
https://learn.microsoft.com/en-us/entra/identity-platform/scenario-spa-app-registration
Details Url 3 
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-spa-app
Details Url 3 
https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/governance/verify-first-party-apps-sign-in#application