Skip to content

Commit

Permalink
Merge pull request #932 from nterl0k/nterl0k-t1110-mfasweep-events
Browse files Browse the repository at this point in the history 
Nterl0k - T1110 mfasweep events
  • Loading branch information
@patel-bhavin
patel-bhavin authored Jan 14, 2025
2 parents d9a5448 + 2109cb0 commit 5b2216f
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1110/azure_mfasweep_events/azure_mfasweep_events.log
View file
Git LFS file not shown
14 changes: 14 additions & 0 deletions datasets/attack_techniques/T1110/azure_mfasweep_events/azure_mfasweep_events.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
author: Steven Dick
id: 27ba7e07-280e-4890-9b31-f2060d86f4c6
date: '2024-12-19'
description: 'Sample of MFA Sweep events used to enumerate Azure/Entra/o365 MFA weaknesses.'
environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1110/azure_mfasweep_events/azure_mfasweep_events.log
sourcetypes:
- o365:management:activity
references:
- https://attack.mitre.org/techniques/T1110
- https://www.blackhillsinfosec.com/exploiting-mfa-inconsistencies-on-microsoft-services/
- https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/
- https://github.com/dafthack/MFASweep/tree/master

0 comments on commit 5b2216f

Please sign in to comment.