AADInternals PowerShell Cmdlets Execution - PsScript

Rule Info

Name
AADInternals PowerShell Cmdlets Execution - PsScript
Author
Austin Songer (@austinsonger), Nasreddine Bencherchali (Nextron Systems), Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects ADDInternals Cmdlet execution. A tool for administering Azure AD and Office 365. Which can be abused by threat actors to attack Azure AD or Office 365.
Reference
https://o365blog.com/aadinternals/
Date
2022-12-23 00:00:00
Modified
2025-02-06 00:00:00
Id
91e69562-2426-42ce-a647-711b8152ced6
Tags
attack.execution attack.reconnaissance attack.discovery attack.credential-access attack.impact
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=91e69562-2426-42ce-a647-711b8152ced6

Rule History

Author
Title
Date
Commit
Swachchhanda Shrawan Poudel
Merge PR #5186 from @swachchhanda000 - Increase coverage of AADinternals rules
2025-02-17
1de2b1c30
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4533 from @nasbench - Promote `experimental` rules
2023-11-02
a6e7cce60
Wagga
fix: typos in multiple rules (#4011)
2023-02-06
273fdb998
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
fix: fp section
2022-12-23
1f38e15bb
Nasreddine Bencherchali
feat: new aadinternals related rules
2022-12-23
28664d5bb
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022