Azure AD | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Entra ID Connect Arbitrary Password Overwrite	Post-Exploitation Active Directory Azure AD Cloud	Microsoft	Anthony Larcher-Gore (@Nullg0re)
So you found Auth0 secrets, now what?	LFI Auth0 Azure AD	Undisclosed	Matthew Keeley (@Nightbanes)
Hijacking Someone Else’s DCSync	Post-Exploitation Active Directory Azure AD Cloud	Microsoft	Anthony Larcher-Gore (@Nullg0re)
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust	Azure AD Kerberos Privilege Escalation	Undisclosed	Dirk-Jan Mollema (@_Dirkjan)
BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained	Account Takeover Azure AD Cloud XSS Privilege Escalation	Microsoft (Bing)	Hillai Ben-Sasson (@Hillai)
I’d TAP That Pass	Azure AD Cloud OAuth	Undisclosed	Daniel Heinsen (@Hotnops)
Azure security — Internal recon leveraging lack of access control	Azure AD Cloud Security Misconfiguration Privilege Escalation	Microsoft (Azure)	Molx32
Azure Active Directory Flaw Allowed SAML Persistence	Azure AD SAML SSO	Microsoft (Azure)	Secureworks Counter Threat Unit (@Secureworks)
Passwordless Persistence and Privilege Escalation in Azure	Privilege Escalation Cloud Azure AD	Microsoft	Andy Robbins (@_Wald0)
SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover	Account Takeover Azure AD Cloud	Microsoft	Tomer Nahum (@TomerNahum1)

Page 1 of 1