azure-ad-attack
Audited by Socket on May 4, 2026
2 alerts found:
Malware (x2): This skill is not an ordinary cloud operations or audit guide but an attacker-facing Azure AD/Entra ID intrusion manual. Its scope of capabilities matches the "attack methodology" description, and that in itself constitutes high risk: it instructs the agent to steal tokens, attack credentials, bypass Conditional Access, add application secrets, and perform lateral movement. It uses official Microsoft API endpoints rather than third-party relays, so it does not qualify as a covert API-proxy style exfiltration tool; but the skill as a whole is explicit offensive security / credential theft enablement and should be classified as MALICIOUS.
High-confidence malicious content: the fragment is an offensive playbook for stealing Azure AD tokens/cookies/PRT from a local victim, replaying them against Microsoft OAuth/Graph/ARM to impersonate users, and maintaining persistence via repeated refresh loops. It also contains guidance aimed at evading or exploiting CAE/Conditional Access-related behaviors. This should be treated as a credential-compromise facilitator and not included in any security-sensitive software supply chain.