Closed ahazu closed 1 year ago
These are useful when looking for privilege escalation vectors (see https://www.mnemonic.io/resources/blog/abusing-dynamic-groups-in-azure-ad-for-privilege-escalation/).
Listing all dynamic groups can be done with MATCH (g:AZGroup) WHERE any(gt IN g.groupTypes WHERE gt = "DynamicMembership") RETURN g
MATCH (g:AZGroup) WHERE any(gt IN g.groupTypes WHERE gt = "DynamicMembership") RETURN g
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅
I have read the CLA Document and I hereby sign the CLA
recheck
Nice one. Thanks for your contribution @ahazu!
These are useful when looking for privilege escalation vectors (see https://www.mnemonic.io/resources/blog/abusing-dynamic-groups-in-azure-ad-for-privilege-escalation/).
Listing all dynamic groups can be done with
MATCH (g:AZGroup) WHERE any(gt IN g.groupTypes WHERE gt = "DynamicMembership") RETURN g