Azure AD Enumeration
15%
AzureHound, ROADtools, Az CLI enumeration of users, groups, apps, service principals
Azure Service Attacks
15%
App Service exploitation, Function Apps, automation accounts, logic apps abuse
Managed Identity Abuse
15%
System/user-assigned MI token theft, privilege escalation via MI permissions
Storage & Key Vault Attacks
15%
Storage account SAS token abuse, Key Vault secrets, connection string theft
IAM Privilege Escalation
20%
Role assignment abuse, Owner/Contributor/UserAccessAdministrator escalation paths
Conditional Access Bypass
10%
Legacy auth, trusted location bypass, MFA fatigue, CAP enumeration
Azure Persistence
10%
App registration backdoors, admin consent grants, adding credentials to service principals