MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services.
MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly.
- Pre & Post-compromise techniques
- Simple interactive use
- Virtually no-setup requirements
- Attack modules for Azure AD
- Attack modules for Exchange
- Attack modules for Teams
- Attack modules for SharePoint
- Attack modules for eDiscovery
- Azure AD External Recon (Includes sub-modules)
- Azure AD Internal Recon (Includes sub-modules)
- Backdoor Account Setup
- Trusted Network Modification
- Disable Mailbox Auditing
- Disable Anti-Phishing
- Mailbox Deletion Rule Setup
- Exfiltration through Mailbox Forwarding
- Gain User Mailbox Access
- External Teams Access Setup (Includes sub-modules)
- eDiscovery exploitation (Includes sub-modules)
- Bruteforce
- MFA Manipulation
- User Account Deletion
- SharePoint exploitation (Includes sub-modules)
- Clone or download the MAAD-AF github repo to your windows host
- Open PowerShell as Administrator
- Navigate to the local MAAD-AF directory
(cd /MAAD-AF)
- Run MAAD_Attack.ps1
(./MAAD_Attack.ps1)
- Internet accessible Windows host
- PowerShell (version 5 or later) terminal as Administrator
- The following PowerShell modules are required and will be installed automatically:
- Az
- AzureAd
- MSOnline
- ExchangeOnlineManagement
- MicrosoftTeams
- AzureADPreview
- ADInternals
- ExchangePowershell
- Microsoft.Online.SharePoint.PowerShell
- PnP.PowerShell
Tip: A 'Global Admin' privilege account is recommended to leverage full capabilities of modules in MAAD-AF
- MAAD-AF is currently only fully supported on Windows OS
- Thank you for considering contributing to MAAD-AF!
- Your contributions will help make MAAD-AF better.
- Join the mission to make security testing simple, fast and effective.
- There's ongoing efforts to make the source code more modular to enable easier contributions.
- Continue monitoring this space for updates on how you can easily incorporate new attack modules into MAAD-AF.
- Everyone is encouraged to come up with new attack modules that can be added to the MAAD-AF Library.
- Attack modules are functions that leverage access & privileges established by MAAD-AF to exploit configuration flaws in Microsoft services.
- Submit bugs or other issues related to the tool directly in the "Issues" section
- Share those great ideas. Submit new features to add to the MAAD-AFs functionality.
- If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason - I would love to hear from you. You can contact at: maad-af@vectra.ai or post in repository Discussions.