S0684 ROADTools

ROADTools is a framework for enumerating Azure Active Directory environments. The tool is written in Python and publicly available on GitHub.[1]

| Item | Value |
|---|---|
| ID | S0684 |
| Associated Names | |
| Version | 1.0 |
| Created | 18 February 2022 |
| Last Modified | 01 April 2022 |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1087 | Account Discovery | - |
| enterprise | T1087.004 | Cloud Account | ROADTools can enumerate Azure AD users.[2] |
| enterprise | T1119 | Automated Collection | ROADTools automatically gathers data from Azure AD environments using the Azure Graph API.[2] |
| enterprise | T1526 | Cloud Service Discovery | ROADTools can enumerate Azure AD applications and service principals.[2] |
| enterprise | T1069 | Permission Groups Discovery | - |
| enterprise | T1069.003 | Cloud Groups | ROADTools can enumerate Azure AD groups.[2] |
| enterprise | T1018 | Remote System Discovery | ROADTools can enumerate Azure AD systems and devices.[2] |
| enterprise | T1078 | Valid Accounts | - |
| enterprise | T1078.004 | Cloud Accounts | ROADTools leverages valid cloud credentials to perform enumeration operations using the internal Azure AD Graph API.[2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0016 | APT29 | [3] |