Read the original article: Abusing Replication: Stealing AD FS Secrets Over the Network
Organizations are increasingly adopting cloud-based services such as
Microsoft 365 to host applications and data. Sophisticated threat
actors are catching on and Mandiant has observed an increased focus on
long-term persistent access to Microsoft 365 as one of their primary
objectives. The focus on developing novel and hard to detect methods
to achieve this goal was highlighted with the recent detection of Abusing Replication: Stealing AD FS Secrets Over the Network