Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials

On 13 September 2022, Secureworks published a Threat Analysis: Azure Active Directory Pass-Through Authentication Flaws. The vulnerabilities discovered by our team allow threat actors to gain persistent and undetected access to the target Azure AD tenant.

In this blog post, I’ll show how the attack can be conducted using AADInternals and a standalone Windows server.

Deep-dive to Azure AD Pass-Through Authentication

In my earlier blog, I explained how Azure AD identity federation works under the hood. In this post, I’ll be doing the same with Azure AD pass-through authentication (PTA).