References

| Type | URL | Description |
| --- | --- | --- |
| technique | https://capec.mitre.org/data/definitions/562.html | |
| technique | https://attack.mitre.org/techniques/T1080 | |
| technique | https://us-cert.cisa.gov/ncas/alerts/aa21-008a | CISA. (2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021. |
| technique | https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed | Microsoft. (2018, November 28). What is federation with Azure AD?. Retrieved December 30, 2020. |
| technique | https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.yaml | Microsoft. (2020, December). Azure Sentinel Detections. Retrieved December 30, 2020. |
| technique | https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-off | Microsoft. (2020, September 14). Update or repair the settings of a federated domain in Office 365, Azure, or Intune. Retrieved December 30, 2020. |
| technique | https://www.sygnia.co/golden-saml-advisory | Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved January 6, 2021. |
| technique | https://attack.mitre.org/techniques/T1484/002 | |
| technique | https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf | Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016. |
| technique | https://attack.mitre.org/techniques/T1573/001 | |