Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1087 | .004 | Account Discovery: Cloud Account | |
Enterprise | T1119 | Automated Collection |
ROADTools automatically gathers data from Azure AD environments using the Azure Graph API.[2] |
|
Enterprise | T1526 | Cloud Service Discovery |
ROADTools can enumerate Azure AD applications and service principals.[2] |
|
Enterprise | T1069 | .003 | Permission Groups Discovery: Cloud Groups | |
Enterprise | T1018 | Remote System Discovery | ||
Enterprise | T1078 | .004 | Valid Accounts: Cloud Accounts |
ROADTools leverages valid cloud credentials to perform enumeration operations using the internal Azure AD Graph API.[2] |
ID | Name | References |
---|---|---|
G0016 | APT29 |