Escalating Access

Strategy

• Password Spray using TREVORSpray or any similar tool

• After gaining a foothold search the emails for anything related to VPNs and Passwords

  • SharePoint is a great place to search of passwords in spreadsheets

  • Take screenshots of any sensitive information or files you have access to as evidence

• Log into portal.azure.com and dump out all of the user accounts on the Domain

  • The more accounts you have, the better possibility of a successful password spray

  • Add a new user if the breached account has permissions to do so

• Password Spray against all of the new accounts

• Figure out how they log into their VPN and connect to the network

Escalating access may turn into a cycle of breaching an account, enumerating it, try to get into the internal network through the account, breaching more accounts through the original ... and so on