Web: https://embracethered.com/blog/posts/2022/ropci-usage/

Nov. 21, 2022, 1 a.m.

Embrace The Red embracethered.com

Misconfigurations with MFA setups are not uncommon when using AAD, especially when federated setups or Pass Through Authentication are configured. I have seen MFA bypass opportunities in multiple production tenants.
A common misconfiguration is that MFA is enforced at the federated identity provider, but AAD is forgotten and ROPC authentication still succeeds against AAD.
To learn more about ROPC, check out the previous post about the topic.
This post focuses on the ropci features that can be leveraged post-exploitation.
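
A defender-side check for the misconfiguration described above, as an added example that is not from the original post: it scans exported AAD sign-in records for ROPC sign-ins that succeeded with only a single factor required. Field names are assumed to follow the Microsoft Graph `signIn` resource (`authenticationProtocol` is part of the beta schema); the users, app name, IP addresses and records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records, shaped like Microsoft Graph signIn entries (assumption).
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Example Legacy App",
  "authenticationProtocol": "ropc", "authenticationRequirement": "singleFactorAuthentication",
  "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Example Legacy App",
  "authenticationProtocol": "ropc", "authenticationRequirement": "singleFactorAuthentication",
  "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
 {"userPrincipalName": "bob@example.com", "appDisplayName": "Example Portal",
  "authenticationProtocol": "oAuth2", "authenticationRequirement": "multiFactorAuthentication",
  "ipAddress": "198.51.100.20", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "appDisplayName": "Example Legacy App",
  "authenticationProtocol": "ropc", "authenticationRequirement": "multiFactorAuthentication",
  "ipAddress": "198.51.100.30", "status": {"errorCode": 50076}},
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Example Legacy App",
  "authenticationProtocol": "ropc", "authenticationRequirement": "singleFactorAuthentication",
  "ipAddress": "198.51.100.7", "status": {"errorCode": 0}}
]
""")

def is_ropc_without_mfa(record):
    """True when a sign-in used ROPC, succeeded, and AAD required only one factor."""
    protocol = (record.get("authenticationProtocol") or "").lower()
    requirement = (record.get("authenticationRequirement") or "").lower()
    error_code = (record.get("status") or {}).get("errorCode")
    # errorCode 0 means success; 50076 (MFA required) is the correctly protected outcome.
    return (protocol == "ropc" and error_code == 0
            and requirement == "singlefactorauthentication")

def summarize(records):
    """Group flagged sign-ins by user: {upn: sorted [(app, ip), ...]}."""
    findings = defaultdict(set)
    for rec in records:
        if is_ropc_without_mfa(rec):
            upn = rec.get("userPrincipalName", "<unknown>")
            findings[upn].add((rec.get("appDisplayName"), rec.get("ipAddress")))
    return {upn: sorted(pairs) for upn, pairs in findings.items()}

if __name__ == "__main__":
    for upn, pairs in summarize(SAMPLE_SIGNINS).items():
        for app, ip in pairs:
            print(f"ROPC sign-in without MFA: {upn} via {app} from {ip}")
```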
