TTPwire Vol. 1 · MITRE ATT&CK · Tagged

Bishop Fox

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

2025-06-18

ATT&CK techniques detected

9 predictions
T1176.001 Browser Extensions
87%
“a way that’s hard to detect. 32. cursedchrome creator: matthew bryant (@mandatoryprogrammer) “a chrome-extension implant that turns victim chrome browsers into fully-functional http proxies, allowing you to browse sites as your victims.” description: cursedchrome let…”
T1525 Implant Internal Image
57%
“mapping out complex roles, group memberships, and privilege escalation paths. it’s a great tool for visualizing and exploiting cloud identity relationships using the graph api. 18. roadtools creator: dirk-jan mollema (@dirkjanm) “a collection of azure ad / entra tools fo…”
T1176.001 Browser Extensions
50%
“forensic analysis and threat hunting. 30. frida creator: frida (@frida) “a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.” description: frida lets you inject your own code into running apps, giving you dynamic insight and con…”
T1110.003 Password Spraying
49%
“- exploitation toolset for interacting with the microsoft graph api.” description: graphrunner makes querying the graph api from powershell fast and painless, enabling you to easily map azure ad or dig into roles and permissions, even with limited access. 21. trevorspray creato…”
T1525 Implant Internal Image
48%
“2025 red team tools – cloud & identity exploitation, evasion & developer libraries in our red team tools part 1 roundup, we highlighted tools commonly used for c2 (like sliver), active directory, and network exploitation, but more importantly, we underscored how skilled operato…”
T1110.003 Password Spraying
47%
“password spray attacks or credential stuffing. 23. seamlesspass creator: malcrove (@malcrove) “a tool leveraging kerberos tickets to get microsoft 365 access tokens using seamless sso.” description: this tool targets a newer and often-overlooked attack surface, windows h…”
T1059.009 Cloud API
40%
“2025 red team tools – cloud & identity exploitation, evasion & developer libraries in our red team tools part 1 roundup, we highlighted tools commonly used for c2 (like sliver), active directory, and network exploitation, but more importantly, we underscored how skilled operato…”
T1059.009 Cloud API
39%
“mapping out complex roles, group memberships, and privilege escalation paths. it’s a great tool for visualizing and exploiting cloud identity relationships using the graph api. 18. roadtools creator: dirk-jan mollema (@dirkjanm) “a collection of azure ad / entra tools fo…”
T1003 OS Credential Dumping
34%
“password spray attacks or credential stuffing. 23. seamlesspass creator: malcrove (@malcrove) “a tool leveraging kerberos tickets to get microsoft 365 access tokens using seamless sso.” description: this tool targets a newer and often-overlooked attack surface, windows h…”

Summary

Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.