
AZT405.2 - Azure AD Application: Application API Permissions

By compromising a service principal whose application has privileged API permissions, an attacker can escalate their privileges to a higher-privileged role.

Resource

Azure Active Directory

Actions

N/A

Since the attacker controls the application, no actions are needed.

Detections

Logs

| Data Source | Operation Name | Action | Log Location |
|-------------|----------------|--------|--------------|
| N/A         | N/A            | N/A    | N/A          |
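
With no log operation listed for this technique, a preventive review of which service principals already hold privileged application permissions is one way to reduce exposure. The following is an added example, not part of the original page: it resolves `appRoleAssignment` records against each resource's `appRoles` and flags grants on a watchlist. The watchlist contents, the function name and all sample IDs are assumptions constructed for illustration.

```python
# Assumption: illustrative watchlist of Microsoft Graph application permissions
# that can change role or permission assignments; extend it for your tenant.
WATCHLIST = {"RoleManagement.ReadWrite.Directory",
             "AppRoleAssignment.ReadWrite.All",
             "Application.ReadWrite.All"}
DEFAULT_ROLE = "00000000-0000-0000-0000-000000000000"  # default access, no permission

# Constructed sample data (all IDs invented), shaped like Graph objects:
# resource service principals with appRoles, and appRoleAssignments.
RESOURCE_SPS = [{
    "id": "res-graph", "displayName": "Microsoft Graph",
    "appRoles": [
        {"id": "role-0001", "value": "RoleManagement.ReadWrite.Directory"},
        {"id": "role-0002", "value": "User.Read.All"},
    ],
}]
ASSIGNMENTS = [
    {"principalId": "sp-a", "principalDisplayName": "backup-automation",
     "resourceId": "res-graph", "appRoleId": "role-0001"},
    {"principalId": "sp-b", "principalDisplayName": "hr-sync",
     "resourceId": "res-graph", "appRoleId": "role-0002"},
    {"principalId": "sp-c", "principalDisplayName": "legacy-tool",
     "resourceId": "res-other", "appRoleId": "role-9999"},
    {"principalId": "sp-d", "principalDisplayName": "portal",
     "resourceId": "res-graph", "appRoleId": DEFAULT_ROLE},
]

def find_privileged_grants(resource_sps, assignments, watchlist=WATCHLIST):
    """Return (flagged, unresolved) lists of (principal name, permission or role id)."""
    # appRoles are defined per resource service principal, so key on both ids.
    names = {(sp["id"], r["id"]): r["value"]
             for sp in resource_sps for r in sp.get("appRoles", [])}
    flagged, unresolved = [], []
    for a in assignments:
        if a["appRoleId"] == DEFAULT_ROLE:
            continue
        perm = names.get((a["resourceId"], a["appRoleId"]))
        if perm is None:
            # Resource missing from the export: surface it, do not skip silently.
            unresolved.append((a["principalDisplayName"], a["appRoleId"]))
        elif perm in watchlist:
            flagged.append((a["principalDisplayName"], perm))
    return sorted(flagged), sorted(unresolved)

if __name__ == "__main__":
    flagged, unresolved = find_privileged_grants(RESOURCE_SPS, ASSIGNMENTS)
    for name, perm in flagged:
        print(f"REVIEW   {name}: {perm}")
    for name, role in unresolved:
        print(f"UNKNOWN  {name}: appRoleId {role} not resolved")
```

Service principals reported under REVIEW are the ones whose credentials warrant the tightest protection, since control of them is what this technique relies on.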