Merge pull request #635 from siigil/katie.knowles/au-todo-update

Update AU Documentation

Author: siigil

docs/attack-techniques/entra-id/entra-id.persistence.hidden-au.md

@@ -17,8 +17,7 @@ Platform: Entra ID
 ## Description
 
 
-Creates an [Administrative Unit (AU)](https://learn.microsoft.com/en-us/graph/api/resources/administrativeunit?view=graph-rest-1.0) with hidden membership, and a scoped role assignment over this AU.
-This simulates an attacker that TODO.
+Creates an [Administrative Unit (AU)](https://learn.microsoft.com/en-us/graph/api/resources/administrativeunit?view=graph-rest-1.0) with hidden membership, and a scoped role assignment over this AU. This simulates an attacker attempting to conceal the scope of a scoped role assignment using hidden AU membership.
 
 <span style="font-variant: small-caps;">Warm-up</span>:
 

docs/attack-techniques/entra-id/entra-id.persistence.restricted-au.md

@@ -17,7 +17,7 @@ Platform: Entra ID
 ## Description
 
 
-Creates a [restricted management Administrative Unit (AU)](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management), and place a backdoor account in it to simulate a protected attacker-controlled user.
+Creates a [restricted management Administrative Unit (AU)](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management), and places a backdoor account in it to simulate a protected attacker-controlled user.
 
 <span style="font-variant: small-caps;">Warm-up</span>:
 

v2/internal/attacktechniques/entra-id/persistence/hidden-au/main.go

@@ -21,8 +21,7 @@ func init() {
 		ID:           "entra-id.persistence.hidden-au",
 		FriendlyName: "Create Hidden Scoped Role Assignment Through HiddenMembership AU",
 		Description: `
-Creates an [Administrative Unit (AU)](https://learn.microsoft.com/en-us/graph/api/resources/administrativeunit?view=graph-rest-1.0) with hidden membership, and a scoped role assignment over this AU.
-This simulates an attacker that TODO.
+Creates an [Administrative Unit (AU)](https://learn.microsoft.com/en-us/graph/api/resources/administrativeunit?view=graph-rest-1.0) with hidden membership, and a scoped role assignment over this AU. This simulates an attacker attempting to conceal the scope of a scoped role assignment using hidden AU membership.
 
 Warm-up:
 

v2/internal/attacktechniques/entra-id/persistence/restricted-au/main.go

@@ -21,7 +21,7 @@ func init() {
 		ID:           "entra-id.persistence.restricted-au",
 		FriendlyName: "Create Sticky Backdoor User Through Restricted Management AU",
 		Description: `
-Creates a [restricted management Administrative Unit (AU)](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management), and place a backdoor account in it to simulate a protected attacker-controlled user.
+Creates a [restricted management Administrative Unit (AU)](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management), and places a backdoor account in it to simulate a protected attacker-controlled user.
 
 Warm-up: