- https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
- https://blog.sygnia.co/detection-and-hunting-of-golden-saml-attack
- https://www.netspi.com/blog/technical/cloud-penetration-testing/enumerating-azure-services/
- https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html
- https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad/defending-against-the-evilginx2-mfa-bypass/m-p/501719
- https://thecloudtechnologist.com/2019/04/29/defending-against-evilginx2-in-office-365/
- https://www.alteredsecurity.com/post/introduction-to-365-stealer
- https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/
- https://derkvanderwoude.medium.com/password-spray-from-attack-to-detection-and-prevention-87c48cede0c0
- https://jeffreyappel.nl/protecting-against-password-spray-attacks-with-azure-sentinel-and-azure-ad/
- https://stealthbits.com/blog/lateral-movement-to-the-cloud-pass-the-prt/
- https://derkvanderwoude.medium.com/pass-the-prt-attack-and-detection-by-microsoft-defender-for-afd7dbe83c94
-
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
-
https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md
-
https://github.com/NetSPI/MicroBurst/blob/master/Misc/Invoke-EnumerateAzureBlobs.ps1
-
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
-
https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md
-
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest/blob/main/README.md