The U.S. Cybersecurity and Infrastructure Agency (CISA) has recommended the use of a Python-based utility, dubbed “Untitled Goose Tool”, to detect vulnerabilities in Microsoft cloud environments such as Azure, Microsoft 365, and Azure Active Directory (AAD). Developed in collaboration with the U.S. Department of Energy’s Sandia National Laboratories, the tool leverages sophisticated hunting queries and can be used in tandem with other Microsoft detection and analysis tools to identify signs of exploitation.