AZT405 - Azure AD Application

Adversaries may abuse the permissions assigned to an Azure AD application to escalate their privileges.

| ID | Name | Description | Action | Resources |
|---|---|---|---|---|
| AZT405.1 | Application Role | By compromising a user, a member of a group, or a service principal that holds an application role on an application, an attacker may be able to escalate privileges by impersonating the associated service principal and leveraging any privileged application role it has been assigned. | | AzureAD |
| AZT405.2 | Application API Permissions | By compromising a service principal whose application has been granted privileged API permissions, an attacker can escalate to a higher-privileged role. | | AzureAD |
| AZT405.3 | Application Registration Owner | By compromising an account that is an 'Owner' of an application configured with additional roles or API permissions, an attacker can escalate privileges by adding a certificate or credential to the application and signing in as its service principal. | | AzureAD |