Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence

Posted Sep 17, 2024

By Katie Knowles

1 min read

I recently published an article on Datadog Security Labs. This article is about how Entra ID’s restricted management and hidden membership administrative units (AUs) can be used for privileged persistence:

“Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence”

Hope you find it interesting!

technical, azure

This post is licensed under CC BY 4.0 by the author.

Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence

Further Reading

Terraforming Entra ID Test Environments

Wiz’s IAM Challenge: What I Learned

Wiz’s EKS Cluster Games: What I Learned (Part 1)