Cyber attack simulations
Two threat models for an enterprise environment that leverages Microsoft.

Threat model 1: Identity-based
Environment: No Multi-Factor-Authentication (MFA) | Hybrid Azure AD model | Utilizes Microsoft Defender for Endpoint

Initial access: Compromise of security staff user account.
Account takeover: Confirmed 'Security Administrator' role assigned to the compromised user account.
Tool enumeration: Attacker remotely enumerates, through the Microsoft 365 portal, the products enabled in the environment.
Defense evasion: Attacker can either disable security controls or simply avoid the traps of the enabled security controls.
Impact: Attacker is able to perform their cyber attack completely in the shadow.

Threat model 2: Cloud-based
Environment: Multi-Factor-Authentication (MFA) | Privileged Identity Management (PIM) | Microsoft Defender for Cloud Apps

Reconnaissance: Threat actor identifies, through social media, an unsatisfied IT or security staff member.
Initial access: Attacker pays the employee to perform tasks inside the network on their behalf.
Defense evasion: Security controls will be initially blind, as the activity is likely to look legitimate.
Impact: Attacker is able to perform their cyber attack in the shadow.
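The identity-based model above turns on two pivot points a defender can watch for in audit data: a privileged security role ending up on a user account, and that account subsequently switching security controls off. The following is an added example written for this page, not code from the original slides or from Microsoft: a small detection routine run over constructed audit records. The record layout (ts, activity, actor, target, detail), the control-change activity names and the example.com accounts are all assumptions for the example and are not Microsoft's audit log schema; only the role names are real Entra ID built-in roles.

```python
from datetime import datetime, timedelta

# Roles whose assignment to a user account warrants review. These are real
# Entra ID built-in role names; the threat model pivots on 'Security Administrator'.
PRIVILEGED_ROLES = {"Security Administrator", "Global Administrator"}

# Activities that turn a security control off or weaken it. These names are
# constructed for the example; map them to the real activity names in your tenant.
CONTROL_CHANGE_ACTIVITIES = {
    "Disable alert policy",
    "Turn off safe attachments policy",
    "Offboard device from Defender for Endpoint",
}

# Constructed sample audit records in an assumed, simplified layout:
# ts (ISO 8601), activity, actor (who did it), target (who/what it was done to),
# detail (role name or setting). This is not Microsoft's audit log schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T07:55:00", "activity": "User logged in",
     "actor": "sec.analyst@example.com", "target": "", "detail": ""},
    {"ts": "2024-05-01T08:05:00", "activity": "Add member to role",
     "actor": "sec.analyst@example.com", "target": "sec.analyst@example.com",
     "detail": "Security Administrator"},
    {"ts": "2024-05-01T08:30:00", "activity": "Disable alert policy",
     "actor": "sec.analyst@example.com", "target": "Suspicious inbox rule",
     "detail": "Enabled=False"},
    {"ts": "2024-05-01T09:10:00", "activity": "Offboard device from Defender for Endpoint",
     "actor": "sec.analyst@example.com", "target": "WS-0042", "detail": ""},
    # Benign: a non-security attribute change with no role grant involved.
    {"ts": "2024-05-01T09:20:00", "activity": "Update user",
     "actor": "helpdesk@example.com", "target": "new.hire@example.com",
     "detail": "JobTitle"},
    # A control change by an account with no recent role grant: still reviewed,
    # at lower severity.
    {"ts": "2024-05-01T10:00:00", "activity": "Disable alert policy",
     "actor": "it.admin@example.com", "target": "Legacy policy",
     "detail": "Enabled=False"},
]


def _parse(ts: str) -> datetime:
    """Parse the ISO 8601 timestamp used by the constructed records."""
    return datetime.fromisoformat(ts)


def detect(events, lookback=timedelta(hours=24)):
    """Return a list of alert dicts for privileged role grants and control changes.

    Events are processed in timestamp order so a role grant is known before the
    control changes that follow it. Every control change raises at least a
    'medium' alert; it becomes 'high' when the actor received a privileged role
    within `lookback`. A role grant is 'high' when the account granted it to itself.
    """
    alerts = []
    recent_grants = {}  # account -> time of its most recent privileged role grant
    hours = int(lookback.total_seconds() // 3600)

    for ev in sorted(events, key=lambda e: _parse(e["ts"])):
        when = _parse(ev["ts"])

        if ev["activity"] == "Add member to role" and ev["detail"] in PRIVILEGED_ROLES:
            recent_grants[ev["target"]] = when
            self_assigned = ev["actor"] == ev["target"]
            alerts.append({
                "ts": ev["ts"],
                "severity": "high" if self_assigned else "medium",
                "account": ev["target"],
                "reason": f"{ev['detail']} role granted"
                          + (" by the account itself" if self_assigned
                             else f" by {ev['actor']}"),
            })

        elif ev["activity"] in CONTROL_CHANGE_ACTIVITIES:
            grant_time = recent_grants.get(ev["actor"])
            recently_elevated = grant_time is not None and when - grant_time <= lookback
            alerts.append({
                "ts": ev["ts"],
                "severity": "high" if recently_elevated else "medium",
                "account": ev["actor"],
                "reason": f"security control changed: {ev['activity']} on {ev['target']}"
                          + (f" within {hours}h of privileged role grant"
                             if recently_elevated else ""),
            })

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['severity'].upper()}] {alert['ts']} {alert['account']}: {alert['reason']}")
```

In the model as written the compromised account already holds the Security Administrator role, so the role-grant branch may never fire; that is why each control change raises an alert on its own, with the role grant only escalating severity. The practical check is therefore to review every disable or offboard event made by security-administrator accounts, not only the elevation events.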
