Attacking Entra ID Part 1 - The Outsider's Perspective

Part 1 of an Entra ID / Azure AD pentesting series. Starting from a domain name and nothing else — tenant fingerprinting, user enumeration, external OSINT, and phishing techniques. *Tools used:* AADInternals: https://aadinternals.com ROADtools: https://github.com/dirkjanm/ROADtools o365spray: https://github.com/0xZDH/o365spray Evilginx: https://github.com/kgretzky/evilginx2 *Required reading:* Microsoft Pentest Rules of Engagement: https://www.microsoft.com/en-us/msrc/... AADInternals Kill Chain: https://aadinternals.com/aadkillchain/ Just Looking (outsider recon): https://aadinternals.com/post/just-lo... *OSINT resources:* Hunter.io: https://hunter.io crt.sh: https://crt.sh IntelX: https://intelx.io Phonebook.cz: https://phonebook.cz All techniques demonstrated against a lab environment I own and control. Always obtain written authorization before testing any environment.