ROADTools

ROADTools is a framework for enumerating Azure Active Directory environments. The tool is written in Python and publicly available on GitHub.[1]

ID: S0684
Type: TOOL
Version: 1.0
Created: 18 February 2022
Last Modified: 01 April 2022

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1087.004 | Account Discovery: Cloud Account | ROADTools can enumerate Azure AD users.[2] |
| Enterprise | T1119 | Automated Collection | ROADTools automatically gathers data from Azure AD environments using the Azure Graph API.[2] |
| Enterprise | T1526 | Cloud Service Discovery | ROADTools can enumerate Azure AD applications and service principals.[2] |
| Enterprise | T1069.003 | Permission Groups Discovery: Cloud Groups | ROADTools can enumerate Azure AD groups.[2] |
| Enterprise | T1018 | Remote System Discovery | ROADTools can enumerate Azure AD systems and devices.[2] |
| Enterprise | T1078.004 | Valid Accounts: Cloud Accounts | ROADTools leverages valid cloud credentials to perform enumeration operations using the internal Azure AD Graph API.[2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0016 | APT29 | [3] |

References