detecting-azure-lateral-movement
Community
Detect Azure lateral movement and pivoting.
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Lateral movement through cloud identities lets an attacker who has compromised one account or application pivot into other tenants and into the services that trust that identity. This skill helps security teams detect such activity by correlating Microsoft Entra ID (Azure AD) directory audit logs, sign-in logs, and Identity Protection risk signals, all retrieved through the Microsoft Graph API, to surface suspicious patterns and privilege-escalation attempts.
Core Features & Use Cases
- Correlates directory audits, sign-ins, and risk events to surface cross-tenant pivots and credential abuse.
- Detects OAuth consent abuse, service principal credential changes, cross-tenant sign-ins, and token replay patterns.
- Supports threat hunting and incident response in Azure environments with multi-tenant setups.
Quick Start
Register an application in Azure AD with read-only access to audit logs, sign-in logs and risk detections (the AuditLog.Read.All, Directory.Read.All and IdentityRiskEvent.Read.All Graph permissions; no write permissions are needed), then run the agent to ingest the logs and generate a findings report.
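The correlation described above, as an added example that is not the skill's own code: it takes directoryAudits, signIns and riskDetections records in the shape Microsoft Graph returns them and emits findings for consent-then-credential abuse, service principal credential changes, cross-tenant sign-ins and a token-replay heuristic. The records embedded below are constructed samples (tenant IDs, app IDs and addresses are placeholders), the 15-minute and 10-minute windows and the "same user, same app, two IPs" replay rule are this example's assumptions, and `fetch_graph` is a hypothetical helper that is only needed when running against a live tenant.

```python
"""Correlate Graph directoryAudits, signIns and riskDetections into findings.
Added example; sample records below are constructed, not real tenant data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed samples shaped like Graph directoryAudit records.
DIRECTORY_AUDITS = [
    {"activityDateTime": "2024-05-01T10:00:00Z", "activityDisplayName": "Consent to application",
     "result": "success", "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"displayName": "MailSync Helper", "type": "ServicePrincipal"}]},
    {"activityDateTime": "2024-05-01T10:04:00Z", "activityDisplayName": "Add service principal credentials",
     "result": "success", "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"displayName": "MailSync Helper", "type": "ServicePrincipal"}]},
]
# Constructed samples shaped like Graph signIn records (errorCode 0 = success).
SIGN_INS = [
    {"createdDateTime": "2024-05-01T10:06:00Z", "userPrincipalName": "alice@contoso.example", "appId": "app-1",
     "ipAddress": "203.0.113.10", "homeTenantId": "tenant-a", "resourceTenantId": "tenant-a", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T10:09:00Z", "userPrincipalName": "alice@contoso.example", "appId": "app-1",
     "ipAddress": "198.51.100.7", "homeTenantId": "tenant-a", "resourceTenantId": "tenant-a", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T10:20:00Z", "userPrincipalName": "eve@fabrikam.example", "appId": "app-2",
     "ipAddress": "192.0.2.44", "homeTenantId": "tenant-b", "resourceTenantId": "tenant-a", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T10:30:00Z", "userPrincipalName": "bob@contoso.example", "appId": "app-1",
     "ipAddress": "203.0.113.20", "homeTenantId": "tenant-a", "resourceTenantId": "tenant-a", "status": {"errorCode": 50126}},
]
# Constructed sample shaped like a Graph riskDetection record.
RISK_DETECTIONS = [
    {"userPrincipalName": "alice@contoso.example", "riskEventType": "anomalousToken", "riskLevel": "high"},
]

CONSENT, ADD_SP_CRED = "Consent to application", "Add service principal credentials"

def _ts(s):
    """Parse a Graph ISO-8601 UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def _actor(audit):
    who = audit.get("initiatedBy", {})
    user, app = who.get("user") or {}, who.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def _targets(audit):
    return [t.get("displayName") for t in audit.get("targetResources", [])]

def detect_consent_abuse(audits, window_minutes=15):
    """Consent to an app followed within the window by new credentials on the same
    service principal: the attacker keeps access after the consenting user is gone."""
    consents = [a for a in audits if a["activityDisplayName"] == CONSENT and a["result"] == "success"]
    creds = [a for a in audits if a["activityDisplayName"] == ADD_SP_CRED and a["result"] == "success"]
    findings = []
    for c in consents:
        for k in creds:
            delta = _ts(k["activityDateTime"]) - _ts(c["activityDateTime"])
            shared = set(_targets(c)) & set(_targets(k))
            if shared and timedelta(0) <= delta <= timedelta(minutes=window_minutes):
                findings.append({"type": "consent_then_credential", "user": _actor(c), "evidence": sorted(shared)})
    # Any credential added to a service principal is a finding on its own.
    findings += [{"type": "sp_credential_change", "user": _actor(k), "evidence": _targets(k)} for k in creds]
    return findings

def detect_cross_tenant_sign_ins(sign_ins):
    """Successful sign-ins where the identity's home tenant is not the resource tenant."""
    return [{"type": "cross_tenant_sign_in", "user": s["userPrincipalName"],
             "evidence": [s["homeTenantId"], s["resourceTenantId"], s["ipAddress"]]}
            for s in sign_ins if s["status"]["errorCode"] == 0 and s["homeTenantId"] != s["resourceTenantId"]]

def detect_token_replay(sign_ins, window_minutes=10):
    """Heuristic assumed by this example: the same user succeeding against the same
    app from two or more IP addresses inside the window may be a replayed token."""
    by_key = defaultdict(list)
    for s in sign_ins:
        if s["status"]["errorCode"] == 0:
            by_key[(s["userPrincipalName"], s["appId"])].append(s)
    findings = []
    for (upn, _app), events in by_key.items():
        events.sort(key=lambda e: _ts(e["createdDateTime"]))
        for i, first in enumerate(events):
            ips = {first["ipAddress"]}
            for later in events[i + 1:]:
                if _ts(later["createdDateTime"]) - _ts(first["createdDateTime"]) > timedelta(minutes=window_minutes):
                    break
                ips.add(later["ipAddress"])
            if len(ips) > 1:  # one finding per user/app pair
                findings.append({"type": "token_replay", "user": upn, "evidence": sorted(ips)})
                break
    return findings

def enrich_with_risk(findings, risk_detections):
    """Attach the highest Identity Protection risk level seen for each finding's user."""
    order = {"none": 0, "low": 1, "medium": 2, "high": 3}
    worst = {}
    for r in risk_detections:
        upn, lvl = r["userPrincipalName"], r.get("riskLevel", "none")
        if order.get(lvl, 0) >= order.get(worst.get(upn, "none"), 0):
            worst[upn] = lvl
    for f in findings:
        f["risk"] = worst.get(f["user"], "none")
    return findings

def build_findings(audits, sign_ins, risk_detections):
    found = detect_consent_abuse(audits) + detect_cross_tenant_sign_ins(sign_ins) + detect_token_replay(sign_ins)
    return enrich_with_risk(found, risk_detections)

def fetch_graph(url, token):
    """Hypothetical helper: page through a Graph collection with requests (the listed
    dependency). Not used offline; needs a bearer token holding the read permissions."""
    import requests  # lazy import so the offline example runs without it
    items = []
    while url:
        resp = requests.get(url, headers={"Authorization": f"Bearer {token}"}, timeout=30)
        resp.raise_for_status()
        body = resp.json()
        items.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
    return items

if __name__ == "__main__":
    for f in build_findings(DIRECTORY_AUDITS, SIGN_INS, RISK_DETECTIONS):
        print(f"[{f['risk']}] {f['type']}: {f['user']} {f['evidence']}")
```

On the samples this yields four findings: the consent followed by a credential add on MailSync Helper, the credential change itself, eve's cross-tenant sign-in from tenant-b into tenant-a, and alice's two-IP sign-in pair, with alice's findings tagged with her "high" risk level. The failed sign-in from bob is ignored because only successful sign-ins count as pivots. Against a live tenant, feed `fetch_graph` the `auditLogs/directoryAudits`, `auditLogs/signIns` and `identityProtection/riskDetections` collections and pass the results to `build_findings`.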
Dependency Matrix
Required Modules
requests
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: detecting-azure-lateral-movement Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#detecting-azure-lateral-movement Please download this .zip file, extract it, and install it in the .claude/skills/ directory.