MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit different M365/AzureAD cloud-based tools & services.
MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly.
- Pre & Post-compromise techniques
- Simple interactive use
- Virtually no-setup requirements
- Attack modules for Azure AD
- Attack modules for Exchange
- Attack modules for Teams
- Attack modules for SharePoint
- Attack modules for eDiscovery
- Recon
- Backdoor Account Setup
- Trusted Network Modification
- Disable Mailbox Auditing
- Disable Anti-Phishing
- Mailbox Deletion Rule Setup
- Exfiltration through Mailbox Forwarding
- Gain User Mailbox Access
- External Teams Access Setup
- Cross Tenant Synchronization Exploits
- eDiscovery exploitation
- Bruteforce
- MFA Manipulation
- User Account Deletion
- SharePoint exploitation
- Many more...
- Clone or download the MAAD-AF github repo to your windows host
- Open PowerShell as Administrator
- Navigate to the local MAAD-AF directory
- Run MAAD_Attack.ps1
> git clone https://github.com/vectra-ai-research/MAAD-AF.git
> cd /MAAD-AF
> ./MAAD_Attack.ps1
- Internet accessible Windows host
- PowerShell (version 5) terminal as Administrator
- The following PowerShell modules are required and will be installed automatically:
- Az.Accounts
- Az.Resources
- AzureAd
- MSOnline
- ExchangeOnlineManagement
- MicrosoftTeams
- AzureADPreview
- ADInternals
- ExchangePowershell
- Microsoft.Online.SharePoint.PowerShell
- PnP.PowerShell
- Microsoft.Graph.Identity.SignIns
- Microsoft.Graph.Applications
- Microsoft.Graph.Users
- Microsoft.Graph.Groups
- Thank you for considering contributing to MAAD-AF!
- Your contributions will help make MAAD-AF better.
- Join the mission to make security testing simple, fast and effective.
- There's an ongoing efforts to make the source code more modular.
- Submit a PR to the main branch to contribute to MAAD-AF.
- Everyone is encouraged to come up with new attack modules that can be added to the MAAD-AF Library.
- Attack modules are functions that leverage access & privileges established by MAAD-AF to exploit configuration flaws in Microsoft services.
- Submit bugs or other issues related to the tool directly in the "Issues" section
- Share those great ideas. Submit new features by submitting a PR or sharing them in the Discussions.
- If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason - share them. You can email at: maad-af@vectra.ai or post it in Discussions on GitHub.