Awesome

MAAD Attack Framework

MAAD_Logo

MAAD-AF is an open-source cloud attack tool for Microsoft 365 & Entra ID(Azure AD) environments.

MAAD-AF offers simple, fast and effective security testing. Validate Microsoft cloud controls and test detection & response capabilities with a virutally zero-setup process, complete with a fully interactive workflow for executing emulated attacks.

MAAD-AF is developed natively in PowerShell.

Usage

Clone or download MAAD-AF from GitHub
Start PowerShell as Admin and navigate to MAAD-AF directory

> git clone https://github.com/vectra-ai-research/MAAD-AF.git
> cd /MAAD-AF

Launch MAAD-AF

> MAAD_Attack.ps1 
# Launch and bypass dependency checks
> MAAD_Attack.ps1 -ForceBypassDependencyCheck

Requirements

Windows host
PowerShell 5.1

Features

Attack emulation tool
Fully interactive (no-commands) workflow
Zero-setup deployment
Ability to revert actions for post-testing cleanup
Leverage MITRE ATT&CK
Emulate post-compromise attack techniques
Attack techniques for Entra ID (Azure AD)
Attack techniques for Exchange Online
Attack techniques for Teams
Attack techniques for SharePoint
Attack techniques for eDiscovery

MAAD-AF Techniques

Recon data from various Microsoft services
Backdoor Account Setup
Trusted Network Modification
Mailbox Audit Bypass
Disable Anti-Phishing in Exchange
Mailbox Deletion Rule Setup
Exfiltration through Mail Forwarding
Gain User Mailbox Access
Setup External Teams Access
Exploit Cross Tenant Synchronization
eDiscovery exploitation for data recon & exfil
Bruteforce credentials
MFA Manipulation
User Account Deletion
SharePoint exploitation for data recon & exfil
More...

Contribute

Thanks for considering contributing to MAAD-AF! Your contributions will help make MAAD-AF better.
Submit your PR to the main branch.
Submit bugs & issues directly to GitHub Issues
Share ideas in GitHub Discussions

Contact

If you found MAAD-AF useful, want to share an interesting use-case or idea - reach out & share them

Maintainer : Arpan Sarkar
Email : MAAD-AF@vectra.ai