Develop and execute adversary emulation tests on high-risk service principal permissions #1371

mitchelbaker-cisa · 2024-10-22T17:24:25Z

💡 Summary

Refer to this list of high-risk service principal permissions. Determine the risk associated with assigning these permissions to a service principal, and determine what a malicious actor would have access to within an M365 environment.

Motivation and context

Associated with #1073 and builds on prototyping work for #1327.

Implementation notes

Use this issue as a reference point for reporting on information found.

Acceptance criteria

How do we know when this work is done?

The actual risks with each permission are determined, the list of high-risk service principal permissions is expanded upon or modified to reflect these updates.

This was referenced Oct 22, 2024

Service Principal Security #1073

Open

Prototype detection of service principals with risky permissions or credentials #1327

Open

schrolla added this to the Kraken milestone Nov 4, 2024

schrolla added enhancement This issue or pull request will add new or improve existing functionality hands-on-prototyping Reviewing an M365 feature by performing hands-on prototyping labels Nov 4, 2024

schrolla modified the milestones: Kraken, Backlog Nov 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Develop and execute adversary emulation tests on high-risk service principal permissions #1371

Develop and execute adversary emulation tests on high-risk service principal permissions #1371

mitchelbaker-cisa commented Oct 22, 2024

Develop and execute adversary emulation tests on high-risk service principal permissions #1371

Develop and execute adversary emulation tests on high-risk service principal permissions #1371

Comments

mitchelbaker-cisa commented Oct 22, 2024

💡 Summary

Motivation and context

Implementation notes

Acceptance criteria