Manage Access

Arpan Sarkar edited this page Sep 21, 2024 · 1 revision

Establish Access

  1. Navigate to Attack page
  2. Select target environment from tabs [EntraID, M365, Azure, AWS]
  3. Select Initial Access from the tactics dropdown
  4. Select an initial access technique
  5. Fill out required configuration details
  6. Execute technique
  7. If the technique is successful, navigate back to the Access page and review your access information

EntraID/M365 Access

EntraID and M365 access in Halberd is managed using Microsoft Graph access tokens.

Multiple access tokens can be stored in Halberd and used interchangeably across different EntraID / M365 techniques.

Select / Switch Access Token

  1. Navigate to Entra ID / M365 - Access Info section on Access page
  2. Select an available token from the Set Access dropdown

If the dropdown is empty, it indicates you have not established access and have no available tokens.

Step 2 sets the token as the active EntraID/M365 token in Halberd. Any technique executed afterwards uses this access token for its Graph requests.

Note: You can switch tokens between technique executions, so one technique can be executed with one access and the next technique with a different access.

View Access Details

  1. Select a token from Set Access dropdown
  2. This will generate the token information in the details window to the right
  3. Review token information to understand the associated access and permissions
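
As an added example (not part of Halberd's code or this wiki), the sketch below shows how the claims inside a Microsoft Graph access token map to the access and permissions reviewed in step 3. The function names and the sample token are constructed for illustration, and the signature is not verified, so this is for inspection only.

```python
import base64
import json
from datetime import datetime, timezone


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def summarize_token(token, now=None):
    """Decode a JWT's claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(claims["exp"], tz=timezone.utc)
    return {
        "audience": claims.get("aud"),
        "tenant_id": claims.get("tid"),
        "client_app": claims.get("appid") or claims.get("azp"),
        "principal": claims.get("upn") or claims.get("oid"),
        # 'scp' holds delegated scopes as one space-separated string;
        # 'roles' holds application permissions as a list.
        "delegated_scopes": sorted(claims.get("scp", "").split()),
        "app_roles": sorted(claims.get("roles", [])),
        "expires_utc": expires.isoformat(),
        "expired": expires <= now,
    }


def make_sample_token():
    # Constructed sample: placeholder IDs and a fake signature, not a real token.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {
        "aud": "https://graph.microsoft.com",
        "tid": "00000000-0000-0000-0000-000000000000",
        "appid": "11111111-1111-1111-1111-111111111111",
        "upn": "user@example.com",
        "scp": "User.Read Mail.Read",
        "exp": 1726923600,  # 2024-09-21T13:00:00Z
    }
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    print(json.dumps(summarize_token(make_sample_token()), indent=2))
```

An expired token or an unexpected audience in this summary is a cue to remove the token rather than keep it stored.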

Remove Access

Tokens can be deleted from the app if you no longer need them.

  1. Select a token from Set Access dropdown
  2. Review details in the details window to ensure it's the correct token
  3. Click on Remove Access button. This will delete the token permanently from Halberd
  4. Refresh the page to view changes

AWS Access

AWS access is created and managed using boto3 sessions.

Multiple boto3 sessions can be maintained in Halberd and used interchangeably across different AWS techniques.

Select / Switch Session

  1. Navigate to AWS - Access Info section on Access page
  2. Select an available session from the Set Access dropdown

If the dropdown is empty, it indicates you have not established access and have no available sessions.

Step 2 sets the session as the active AWS session in Halberd. Any technique executed afterwards uses this session for its requests.

Note: You can switch sessions between technique executions, so one technique can be executed from one session and the next technique from a different session.

View Session Details

  1. Select a session name from Set Access dropdown
  2. This will generate the session information in the details window to the right
  3. Review session information to understand the associated access and permissions

Remove Session

Sessions can be deleted from the app if you no longer need them.

  1. Select a session name from Set Access dropdown
  2. Review details in the details window to ensure it's the correct session
  3. Click on Remove Access button. This will delete the session permanently from Halberd
  4. Refresh the page to view changes

Azure Access

Azure access in Halberd is managed using Azure CLI.

Multiple Azure sessions can be maintained in Halberd and used interchangeably across different Azure techniques.

If you have any prior Azure CLI sessions established on the host, they will show up in Halberd Azure access as well.

Select / Switch Session

  1. Navigate to Azure - Access Info section on Access page
  2. Select an available Azure subscription from the Set Access dropdown.

If the dropdown is empty, it indicates you have not established access and have no available access. After establishing access, even if a subscription is not selected manually, the default subscription is active.

Step 2 sets the subscription as the active Azure subscription in Halberd. Any technique executed afterwards uses this subscription for its Azure requests.

Note: You can switch Azure subscriptions and access between technique executions, so one technique can be executed against one subscription and the next technique against a different subscription.

View Session Details

  1. Select a session name from Set Access dropdown
  2. This will generate the session information in the details window to the right
  3. Review session information to understand the associated access and permissions

Remove Session

An Azure session can be deleted from the app if you no longer need it.

  1. Select a subscription name from Set Access dropdown
  2. Review details in the details window to ensure it's the correct session
  3. Click on Remove Access button. This will log out of the session.
  4. Refresh the page to view changes