all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SSOh-No - User Enumeration And Password Spraying Tool For Testing Azure AD

Add to bookmarks
May 12, 2022, 12:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365.

Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts.

This tool is a weaponised version of a PoC demonstrated in the arstechnica research article which discusses the techniques utilised to exploit the endpoint.

This endpoint …

ad azure azure ad enumeration password passwords password spraying research sso testing tool user enumeration

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks 22 hours ago | www.kitploit.com
arp-spoofing cybersecurity networking packet capture +5
HackerInfo - Infromations Web Application Security 1 day, 22 hours ago | www.kitploit.com
hackerinfo python python3
C2-Tracker - Live Feed Of C2 Servers, Tools, And Botnets 2 days, 8 hours ago | www.kitploit.com
c2-tracker cybersecurity infosec osint +7
VectorKernel - PoCs For Kernelmode Rootkit Techniques Research 1 week ago | www.kitploit.com
64bit api education kernel +17
Cookie-Monster - BOF To Steal Browser Cookies & Credentials 1 week, 1 day ago | www.kitploit.com
cookie-monster passwords processes python +2
NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected 1 week, 2 days ago | www.kitploit.com
mechanism microsoft mimikatz noargs +3
Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of … 1 week, 3 days ago | www.kitploit.com
frameless-bitb scanners scripts subdomains +2
Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking 1 week, 4 days ago | www.kitploit.com
analysis beginners cracking infosec +11
Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The … 1 week, 6 days ago | www.kitploit.com
api api endpoints automated client +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

IT Security Manager

@ Teltonika | Vilnius/Kaunas, VL, LT
View on infosec-jobs.com

Security Officer - Part Time - Harrah's Gulf Coast

@ Caesars Entertainment | Biloxi, MS, United States
View on infosec-jobs.com

DevSecOps Full-stack Developer

@ Peraton | Fort Gordon, GA, United States
View on infosec-jobs.com

Cybersecurity Cooperation Lead

@ Peraton | Stuttgart, AE, United States
View on infosec-jobs.com

Cybersecurity Engineer - Malware & Forensics

@ ManTech | 201DU - Customer Site,Herndon, VA
View on infosec-jobs.com
View more jobs