In this post we will explore one entry point for leveraging Azure AD app registrations for offensive purposes.
Before getting into it, I’d like to thank @Antonlovesdnb for helping me explore this further and the defensive guidance. Also a shoutout to @dafthack for spitballing ideas about ways to abuse this. Cheers to you both 🙂
UPDATE: I wanted to add some more shout-outs and links to some awesome work others have done on, or related to, this:
Azure App Services for Offensive Operations by @…