Azure Add Application
Creates and registers a new application in Microsoft Entra ID, establishing an identity that can authenticate and request access tokens.
Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system.
Creates and registers a new application in Microsoft Entra ID, establishing an identity that can authenticate and request access tokens.
Creates a service principal in Entra ID, representing the identity instance of an application within a tenant.
Creates a new user account in Microsoft Entra ID.
Creates an access entry for an EKS cluster, granting an IAM principal Kubernetes API access via EKS access management.
Creates a new AWS account as a member of an AWS Organization under the management account.
Registers an OIDC identity provider with IAM, enabling federated access from external identity systems like GitHub Actions.
Creates a new IAM role with a trust policy that defines which principals are permitted to assume it.
Registers a SAML 2.0 identity provider metadata document with IAM, enabling federated authentication via SAML.
Creates a new IAM user in the AWS account for programmatic or console-based access.
Sends a B2B guest invitation to an external user, granting them access to the tenant's resources.