Skip to content


MAAD-AF provides testing coverage for nearly 50% of all MITRE techniques across O365, Azure AD and SaaS matrices combined.

Coverage MAP


Techniques List

Tactic Technique ID Technique
Collection T1114 Email Collection
Collection T1213 Data from Information Repositories
Collection T1119 Automated Collection
Collection T1530 Data from Cloud Storage
Credential Access T1528 Steal Application Access Token
Credential Access T1110 Brute Force
Credential Access T1556 Modify Authentication Process
Defense Evasion T1564 Hide Artifacts
Defense Evasion T1562 Impair Defenses
Defense Evasion T1078 Valid Accounts
Defense Evasion T1484 Domain Policy Modification
Defense Evasion T1556 Modify Authentication Process
Discovery T1069 Permission Groups Discovery
Discovery T1087 Account Discovery
Impact T1531 Account Access Removal
Initial Access T1078 Valid Accounts
Persistence T1098 Account Manipulation
Persistence T1078 Valid Accounts
Persistence T1136 Create Account
Persistence T1556 Modify Authentication Process
Privilege Escalation T1078 Valid Accounts

Open in MITRE Navigator

Download the MITRE layer file provided below to load & review MAAD-AF associated techniques in MITRE ATT&CK Navigator.

Download MAAD-AF Navigator Layer

Launch MITRE ATT&CK Navigator