MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services.
MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly.
Features
- Pre & Post-compromise techniques
- Simple interactive use
- Virtually no-setup requirements
- Attack modules for Azure AD
- Attack modules for Exchange
- Attack modules for Teams
- Attack modules for SharePoint
- Attack modules for eDiscovery
MAAD-AF Attack Modules
- Azure AD External Recon (Includes sub-modules)
- Azure AD Internal Recon (Includes sub-modules)
- Backdoor Account Setup
- Backdoor through Cross Tenant Synchronization
- Trusted Network Modification
- Disable Mailbox Auditing
- Disable Anti-Phishing
- Mailbox Deletion Rule Setup
- Exfiltration through Mailbox Forwarding
- Gain User Mailbox Access
- External Teams Access Setup (Includes sub-modules)
- eDiscovery exploitation (Includes sub-modules)
- Bruteforce
- MFA Manipulation
- User Account Deletion
- SharePoint exploitation (Includes sub-modules)
Getting Started
Plug & Play – It’s that easy!
- Clone or download the MAAD-AF github repo to your windows host
- Open PowerShell as Administrator
- Navigate to the local MAAD-AF directory
(cd /MAAD-AF)
- Run MAAD_Attack.ps1
(./MAAD_Attack.ps1)
Requirements
- Internet accessible Windows host
- PowerShell (version 5 or later) terminal as Administrator
- The following PowerShell modules are required and will be installed automatically:
- Az
- AzureAd
- MSOnline
- ExchangeOnlineManagement
- MicrosoftTeams
- AzureADPreview
- ADInternals
- ExchangePowershell
- Microsoft.Online.SharePoint.PowerShell
- PnP.PowerShell
- Microsoft.Graph.Identity.SignIns
Limitations
- MAAD-AF is currently only fully supported on Windows OS
Contribute
- Thank you for considering contributing to MAAD-AF!
- Your contributions will help make MAAD-AF better.
- Join the mission to make security testing simple, fast and effective.
- There’s ongoing efforts to make the source code more modular to enable easier contributions.
- Continue monitoring this space for updates on how you can easily incorporate new attack modules into MAAD-AF.
Add Custom Modules
- Everyone is encouraged to come up with new attack modules that can be added to the MAAD-AF Library.
- Attack modules are functions that leverage access & privileges established by MAAD-AF to exploit configuration flaws in Microsoft services.
Report Bugs
- Submit bugs or other issues related to the tool directly in the “Issues” section
Request Features
- Share those great ideas. Submit new features by submitting a PR or sharing them in the Discussions.
Contact
- If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason – share them. You can email at: maad-af@vectra.ai or post it in Discussions on GitHub.