MAAD-AF – MAAD Attack Framework – An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD
MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services.
MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly.
Features
- Pre & Post-compromise techniques
- Simple interactive use
- Virtually no-setup requirements
- Attack modules for Azure AD
- Attack modules for Exchange
- Attack modules for Teams
- Attack modules for SharePoint
- Attack modules for eDiscovery
MAAD-AF Attack Modules
- Azure AD External Recon (Includes sub-modules)
- Azure AD Internal Recon (Includes sub-modules)
- Backdoor Account Setup
- Trusted Network Modification
- Disable Mailbox Auditing
- Disable Anti-Phishing
- Mailbox Deletion Rule Setup
- Exfiltration through Mailbox Forwarding
- Gain User Mailbox Access
- External Teams Access Setup (Includes sub-modules)
- eDiscovery exploitation (Includes sub-modules)
- Bruteforce
- MFA Manipulation
- User Account Deletion
- SharePoint exploitation (Includes sub-modules)
Getting Started
Plug & Play – It’s that easy!
- Clone or download the MAAD-AF github repo to your windows host
- Open PowerShell as Administrator
- Navigate to the local MAAD-AF directory
(cd /MAAD-AF)
- Run MAAD_Attack.ps1
(./MAAD_Attack.ps1)
Requirements
- Internet accessible Windows host
- PowerShell (version 5 or later) terminal as Administrator
- The following PowerShell modules are required and will be installed automatically:
- Az
- AzureAd
- MSOnline
- ExchangeOnlineManagement
- MicrosoftTeams
- AzureADPreview
- ADInternals
- ExchangePowershell
- Microsoft.Online.SharePoint.PowerShell
- PnP.PowerShell
Tip: A ‘Global Admin’ privilege account is recommended to leverage full capabilities of modules in MAAD-AF
Limitations
- MAAD-AF is currently only fully supported on Windows OS
Contribute
- Thank you for considering contributing to MAAD-AF!
- Your contributions will help make MAAD-AF better.
- Join the mission to make security testing simple, fast and effective.
- There’s ongoing efforts to make the source code more modular to enable easier contributions.
- Continue monitoring this space for updates on how you can easily incorporate new attack modules into MAAD-AF.
Add Custom Modules
- Everyone is encouraged to come up with new attack modules that can be added to the MAAD-AF Library.
- Attack modules are functions that leverage access & privileges established by MAAD-AF to exploit configuration flaws in Microsoft services.
Report Bugs
- Submit bugs or other issues related to the tool directly in the “Issues” section
Request Features
- Share those great ideas. Submit new features to add to the MAAD-AFs functionality.
Contact
- If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason – I would love to hear from you. You can contact at: [email protected] or post in repository Discussions.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.