This is a POC script to automate the information gathering phase during an Azure Device Code Phishing attack. For more information refer the blogpost: https://www.offsec-journey.com/post/phishing-with-azure-device-codes
Step To Run
- Copy ADCEnum.ps1 to TokenTactics directory
- Install-Module AzureAD
- Ensure script is updated with victim EMAIL & DEVICE_CODE
- Save console output to file) by running the command: Start-Transcript -Path C:\Temp\
- EXECUTE SCRIPT: .\ADCEnum.ps1
- Stop-Transcript
- Dr Nestori Syynimaa's Blog
- @0xBoku - The Art of the Device Code Phish
- @Mr-Un1k0d3r - GitHub
- @rvrsh3ll - TokenTactics
- Microsoft - OAuth Device Auth Flow