MAAD-AF is an open-source cloud attack tool for Microsoft 365 & Entra ID(Azure AD) environments.
MAAD-AF offers simple, fast and effective security testing. Validate Microsoft cloud controls and test detection & response capabilities with a virutally zero-setup process, complete with a fully interactive workflow for executing emulated attacks.
MAAD-AF is developed natively in PowerShell.
- Clone or download MAAD-AF from GitHub
- Start PowerShell as Admin and navigate to MAAD-AF directory
> git clone https://github.com/vectra-ai-research/MAAD-AF.git
> cd /MAAD-AF
- Launch MAAD-AF
> MAAD_Attack.ps1
# Launch and bypass dependency checks
> MAAD_Attack.ps1 -ForceBypassDependencyCheck
- Windows host
- PowerShell 5.1
- Attack emulation tool
- Fully interactive (no-commands) workflow
- Zero-setup deployment
- Ability to revert actions for post-testing cleanup
- Leverage MITRE ATT&CK
- Emulate post-compromise attack techniques
- Attack techniques for Entra ID (Azure AD)
- Attack techniques for Exchange Online
- Attack techniques for Teams
- Attack techniques for SharePoint
- Attack techniques for eDiscovery
- Recon data from various Microsoft services
- Backdoor Account Setup
- Trusted Network Modification
- Mailbox Audit Bypass
- Disable Anti-Phishing in Exchange
- Mailbox Deletion Rule Setup
- Exfiltration through Mail Forwarding
- Gain User Mailbox Access
- Setup External Teams Access
- Exploit Cross Tenant Synchronization
- eDiscovery exploitation for data recon & exfil
- Bruteforce credentials
- MFA Manipulation
- User Account Deletion
- SharePoint exploitation for data recon & exfil
- More...
- Thanks for considering contributing to MAAD-AF! Your contributions will help make MAAD-AF better.
- Submit your PR to the main branch.
- Submit bugs & issues directly to GitHub Issues
- Share ideas in GitHub Discussions
If you found MAAD-AF useful, want to share an interesting use-case or idea - reach out & share them
- Maintainer : Arpan Sarkar
- Email : [email protected]