Deploy Backdoor Account
Description
deploy backdoor account module creates a new identity in Entra ID that can be used as a backdoor for persistent access to the tenant. No roles are assigned to the new identity. To do that users can use assign azure ad role to account & assign management role to account modules.
If a backdoor account is successfully deployes, this modules stores the new identity information to MAAD Credential Store for use in future.
Trigger
MAAD Attack Arsenal -> "Account" -> 2
MITRE ATT&CK Information
| Tactic | Technique |
|---|---|
| Persistence | Create Account: Cloud Account |
Additional Details
Microsoft services being accessed by this module:
External PowerShell module used: