Using the Duo Admin API to Gather Cross-tenant Administrator Email Addresses
9 min readFeb 8, 2024
tl;dr — A threat actor can create a free Duo tenant, upgrade to a trial premium service plan to create an Admin API, and programmatically identify valid cross-tenant (within the same Duo deployment instance) Administrator email accounts to use in targeted phishing campaigns.