Office365 Penetration Testing

THREATS, TACTICS AND PROCEDURES TTP
MITRE’S ATT&CK®
Office365 Pen Test
Initial Access of Adversaries to the Office365 Cloud
1. Phishing. 
2. Valid Accounts.
Persistence of Adversaries in the Office365 Cloud
1. Account Manipulation.
2. Create an Account.
3. Office Application Startup. 
4. Valid Accounts. 
Privilege Escalation by Adversaries in the O365  Cloud
1. Valid Accounts.
Defence Evasion of Adversaries to the O365 Cloud
1. Use Alternate Authentication Material.
2. Valid Accounts. 
Credential Access in the O365 Cloud Computing by Adversaries
1. Brute Force Attacks.
2. Steal Application Access Token. 
3. Steal Web Session Cookies. 
4. InSecure Credentials. 
Discovery in the O365 Cloud Computing by Adversaries
1. Account Discovery. 
2. Cloud Service Dashboard. 
3. Cloud Service Discovery. 
4. Permission Groups Discovery. 
5. Software Discovery. 
Lateral Movement in the Office365 Cloud by Adversaries
1. Internal Spear-Phishing.
2. User Alternate Authentication Material.
Collection of the O365 Cloud Computing by Adversaries
1. Data from Cloud Storage Object.
2. Email Collection.
Impact of  the Office 365 Cloud Computing Hacks
1. Endpoint Denial of Service. 
2. Network Denial of Service.  

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.