ioc[.]one - OSINT Cyber Threat Intelligence Database

TokenSmith - Bypassing Intune Compliant Device Conditional Access | JUMPSEC LABS

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Direct Conditional Access Policies - T1556.009 Domains - T1583.001 Domains - T1584.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	a6900b73-3c59-42a0-9171-44f75b0d35b7
Fingerprint	2e689a5b9b01efc9
Analysis status	DONE
Considered CTI value	0
Text language
Published	Dec. 20, 2024, 12:17 a.m.
Added to db	Dec. 21, 2024, 4:07 a.m.
Last updated	Dec. 26, 2024, 3:11 a.m.
Headline	TokenSmith – Bypassing Intune Compliant Device Conditional Access
Title	TokenSmith - Bypassing Intune Compliant Device Conditional Access \| JUMPSEC LABS
Detected Hints/Tags/Attributes	45/2/22

Source URLs

	Redirection	Url
Details	Source	https://labs.jumpsec.com/tokensmith-bypassing-intune-compliant-device-conditional-access/

URL Provider

Details	Provider	Source level domain
Details	jumpsec.com	labs.jumpsec.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	149	✔	JUMPSEC LABS	https://labs.jumpsec.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4726	github.com
Details	Domain	24	office.com
Details	Domain	70	login.microsoftonline.com
Details	Domain	3	login.microsoft.com
Details	Domain	242	learn.microsoft.com
Details	Domain	1	portal.manage.microsoft.com
Details	Domain	1	www.anoopcnair.com
Details	Domain	2	calendar.read
Details	Domain	6	contacts.read
Details	Domain	40	graph.microsoft.com
Details	Domain	11	graph.windows.net
Details	File	1	known-foci-clients.csv
Details	Github username	2	jumpseclabs
Details	Github username	1	secureworks
Details	Url	1	https://github.com/jumpseclabs/tokensmith.
Details	Url	3	https://login.microsoftonline.com/common/oauth2/nativeclient
Details	Url	1	https://learn.microsoft.com/en-us/mem/intune/user-help/sign-in-to-the-company-portal.
Details	Url	1	https://www.anoopcnair.com/fix-intune-company-portal-app-login-issues
Details	Url	1	https://github.com/secureworks/family-of-client-ids-research/blob/main/known-foci-clients.csv
Details	Url	1	https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
Details	Url	4	https://graph.microsoft.com/.default
Details	Url	1	https://graph.microsoft.com/.default&code=1.auebe