MAAD-Attack Framework

Introduction: MAAD-AF

MAAD-AF is an open-source cloud attack tool for security testing of Microsoft 365 & Entra ID (Azure AD) environments.

MAAD-AF is designed to make cloud security testing simple, fast, and effective.

MAAD-AF provides security practitioners with easy-to-use, fully interactive modules for executing common attack techniques that attackers use against a Microsoft 365 or Entra ID (Azure AD) environment.

Some of the techniques are:

  • External organizational reconnaissance

  • Gaining initial access

  • Establishing persistence (getting sticky)

  • Evading typical defenses

  • Collecting data and exfiltrating it

  • …and more!

Ultimately, MAAD-AF allows the user to quickly perform common attacker actions in order to test existing controls, evaluate security posture, and inspect detections provided by existing threat detection platforms.

When should I use MAAD-AF?

MAAD-AF is primarily a security testing tool and should be useful in a variety of scenarios. The intent for MAAD-AF is to provide a vendor-neutral framework for testing M365 and Azure AD security. You should use MAAD-AF:

  1. With prospects during POVs to demonstrate Vectra’s TDR capabilities

  2. With customers to test their environment

  3. With prospects/customers in our cyber range for education on attacker TTPs and Vectra’s detection capabilities