Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials

Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials

In 13 September 2022, Secureworks published a Threat Analysis: Azure Active Directory Pass-Through Authentication Flaws. The vulnerabilities discovered by our team allows threat actors to gain persistent and undetected access to the target Azure AD tenant.

In this blog post, I’ll show how the attack can be conducted using AADInternals and standalone Windows server.