-
Notifications
You must be signed in to change notification settings - Fork 24
Module Details
Arpan Sarkar edited this page Jan 4, 2025
·
24 revisions
Halberd modules allow users to execute different attack techniques. Here is a list of all modules available in current release.
Attack Surface : Entra ID, M365, AWS, Azure
Total Unique Techniques : 90
Note: Only unique techniques are listed in each tactic. Techniques overlap across multiple tactics.
- Establish Access via Device Code Flow
- Establish Access As User - Delegated Access
- Establish Access As App
- Password Spray
- Bruteforce Password
- Bruteforce Graph Apps - Delegated Access
- Establish Access With Token
- Add Trusted IP Configuration
- Recon Tenant Info
- Check User Validity
- Enumerate Users
- Enumerate Apps
- Enumerate Directory Roles
- Enumerate Application Permissions
- Enumerate Groups
- Enumerate Conditional Access Policies
- Enumerate Users One Drive
- Enumerate Sharepoint Sites
- Add User to Group
- Assign Directory Role
- Generate App Credentials
- Assign App Permission
- Create Backdoor Account
- Invite External User
- Create New Application
- Remove Account Access
- Deploy Email Forwarding Rule
- Exfil Users Mailbox
- Search Outlook Messages
- Search Teams Chat
- Search Teams Messages
- Search User One Drive
- Deploy Email Deletion Rule
- Send Outlook email
- Establish Access
- Recon IAM User Info
- Recon Account Authorization Info
- Enumerate IAM Users
- Enumerate IAM Roles
- Enumerate IAM Policies
- Enumerate S3 Buckets
- Enumerate S3 Bucket Objects
- Get S3 Bucket ACL
- Enumerate EC2 Instances
- Enumerate Dynamo DB Tables
- Enumerate Cloud Trail Logs
- Enumerate GuardDuty Detectors
- Recon Risky IAM Policy User
- Recon EC2 Over Permissive Security Groups
- Recon S3 Public Buckets
- Disable CloudTrail Logging
- Modify Guard Duty Trusted IP
- Assume Role
- Exfiltrate S3 Bucket
- Expose S3 Bucket Public
- Delete S3 Bucket
- Delete S3 Bucket Object
- Delete DynamoDB Table
- Establish Access As User
- Establish Access As App
- Password Spray
- Enumerate VM
- Enumerate Resources
- Enumerate Resource Groups
- Enumerate Role Assignment
- Enumerate Virtual Machine Scale Set
- Enumerate VM in VMSS
- Enumerate Storage Accounts
- VM - Deploy Malicious Extension
- VM - Execute Scripts/Commands
- Elevate Access From EntraID
- Assign Role
- Modify Key Vault Access
- Create New Resource Group
- Enable Storage Account Public Access
- Expose Storage Account Container Public
- Abuse Azure Policy - Disable Logging
- Disable Resource Diagnostic Logging
- Disable Storage Account Firewall
- Dump Key Vault
- Dump Automation Account
- Dump Storage Account
- Share VM Disk
- Scan Logic Apps for Credentials
- Share Storage Account Container
- Generate Storage Account Container SAS
- Delete VM
- Establish Access As Service Account