APT-MICROSOFT-MIDNIGHT · Initial Access
Midnight Blizzard Spray + Legacy OAuth (Microsoft 2024)
Password-spray a legacy non-prod tenant lacking MFA → discover a legacy OAuth app with full Mail.ReadWrite scope on corporate tenant — read executive mailboxes.
§ Where this technique fits
APT-MICROSOFT-MIDNIGHT is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry.