Skip to content

MAAD Attack Framework


MAAD-AF is an open-source cloud attack tool for Microsoft 365 & Entra ID(Azure AD) environments.

  • Designed with the goal to make security testing - Simple, Fast & Effective!
  • Easily & swiftly execute attack modules exploiting EntraID/M365 services.
  • Emulate breach / identity compromise in Microsoft cloud environments.
  • Effectively validate efficacy of security controls and detection & response capabilities against real cyber threats.

MAAD-AF is developed to tackle the common challenges preventing or limiting effective & frequent cloud security testings. Cost, complex processes, infrequency, lack of expertise, infrastructure impact are some of the challenges that currently rig effective security testing.

Why Get MAAD-AF?


MAAD-AF is designed to simplify security testing so everyone and anyone can use it from red team professionals to detection engineers to non-practitioners learning attacks in cloud. With no-command & intuitive prompt based workflow, MAAD-AF delivers a simple framework that makes it easy to understand and execute attack techniques. You can almost ignore this documentation :)


Test with 30+ attack modules in under an hour.

MAAD-AF's design allows for virtually no-setup process and no special requirements. Combined with no-command & fully interactive workflow users can simply download and start testing their environments with MAAD-AF in no time.


MAAD-AF follows and executes techniques captured in MITRE ATT&CK. Run effective security testing by testing against techniques commonly used by attackers in the wild & against frequently targeted cloud services.

By making security testing process simple, fast & effective, MAAD-AF aims to enable more organizations & individuals to perform security testing, and promote frequent and effective security testing practices.

Key Features

  • Extensive Testing Coverage : 30+ attack modules (~50% of MITRE techniques) ranging from initial access, persistence, privilege escalation, defense evasion, credential access, exfiltration, and impact.
  • Effective Testing : Test against techniques frequently used by adversaries & leverage living-off-the-land methods.
  • Ready Out-of-the-Box : No-setup process. Download and start testing.
  • Intutive at its Core : No-commands and a fully interactive prompt-based interface.
  • Clean Testing : Show your cloud some love - revert most actions executed and keep testing impact to minimal.
  • Tool for Everyone : A security tool for everyone who wishes to benefit from effective security testing - from red team professionals to detection engineers validating D&R capabilities to students & future practitioners learning cloud security.