The ROAD to Azure AD exploration for Red and Blue
While many organizations have a presence in the cloud through Office 365 and Azure, tooling and research into Azure AD privileges and security issues is still limited. In this talk I will present the next step in my mission to change this: a toolkit and framework for analyzing Azure AD environments. The ROADtools framework consists of several components that enumerate and gather all resources in Azure AD, using both documented and undocumented APIs. Most of these are available for any authenticated user. The framework saves the gathered data to an offline database for later use, which is then queried and converted into human readable output. Examples of this are a BloodHound-like graph view of groups, users and permissions and a web-based overview of all users and their properties. Apart from explaining the framework itself the talk will also highlight several Azure AD vulnerabilities that were identified during it’s development.