Module Details

Halberd modules allow users to execute different attack techniques. Here is a list of all modules available in current release.

Attack Surface : Entra ID, M365, AWS

Total Unique Modules : 39

Note: Only unique modules are listed in each category. Modules overlap across multiple categories.

Entra ID

Initial Access

• Delegated Access (Username / Password)
• Password Spray
• Brute force Graph Access Token
• Brute force Password
• Entra ID App Only Access
• Entra ID Device Code Flow
• Entra ID Direct Token Access

Defense Evasion

• Modify Trusted IP Configuration

Discovery

• Discover Tenant Info
• Discover User Accounts
• Discover Groups
• Discover Applications
• Discover Conditional Access Policies
• Discover User One Drive
• Discover SharePoint Sites

Privilege Escalation

• Add User to Group
• Assign Directory Role to User

Persistence

• Create Backdoor Account in Tenant
• Invite External User to Tenant

Impact

• Remove User Account

M365

Collection

• Search User Outlook Messages
• Exfil User Mailbox
• Search User Teams Chat
• Search User SP One Drive
• Setup Email Forwarding Rule
• Search Teams Messages

Defense Evasion

• Setup Email Deletion Rule

Lateral Movement

• Send Email (Spear-Phishing)

AWS

Initial Access

• AWS Access

Discovery

• List Buckets
• List Bucket ACL
• List Bucket Objects
• List IAM Roles
• Enumerate EC2 Instances

Privilege Escalation

• Assume Role

Collection

• Exfil S3 Bucket

Impact

• Delete S3 Bucket
• Delete Bucket Objects
• Delete DynamoDB Table