Introducing Pathfinding Labs, a collection of intentionally vulnerable AWS environments for red teamers and blue teamers to deploy, exploit, and use for detection validation.
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud - DataDog/stratus-red-team
Entra ID's Administrative Units (AU) are great for defenders… and for attackers! AUs are a useful method for creating scoped Entra ID role assignments. However, this scoping also offers juicy new methods for anyone looking to persist quietly in an Azure tenant: Obscure parameters can hide AU membership, and restrictions can prevent removal of malicious accounts. AUs are a globally-enabled tenant feature. Are you prepared to keep an eye on them?
I recently had the opportunity to contribute to Stratus Red Team as a part of my research into Entra ID administrative units. Open-source contributions can feel daunting if you haven’t been through them before...
0-click macOS RCE (@Turmio_), sudo iptables LPE (@suidpit + @smaury92), SkeletonCookie ☠️🍪 (@buffaloverflow), and more!
Learn how Datadog detected and resolved issues from hackerbot-claw, an AI-powered automated attack campaign.