CRT is a tool to queries the following configurations in the Azure AD/O365 tenant which can shed light on hard-to-find permissions and configuration settings in order to assist organizations in securing these environments.
Exchange Online (O365):
Azure AD:
Querying Tenant Partner Information: In order to view Tenant Partner Information, including roles assigned to your partners, you must log into the Microsoft 365 Admin Center as Global Admin:
https://admin.microsoft.com/AdminPortal/Home#/partners
The following PowerShell modules are required and will be installed automatically:
NOTE: To return the full extent of the configurations being queried, the following role is required:
When Global Admin privileges are not available, the tool will notify you about what information won’t be available to you as a result.
No parameters specified: A folder named with date and time (YYYYDDMMTHHMM) will be created automatically in the directory the script is being run from. Default authentication method will prompt for each connection for compatibility with MFA.
.\Get-CRTReport.ps1
-BasicAuth
Parameter: [OPTIONAL] If MFA is not enforced for your user principal, you can use this parameter which will prompt only once for authentication and store credentials using Get-Credential
. (Not Recommended)
.\Get-CRTReport.ps1 -BasicAuth
-JobName
Parameter: [OPTIONAL] Use the JobName parameter to distinguish between different tenants. If no JobName is specified, a Date/Time formatted folder will be placed within the working directory.
.\Get-CRTReport.ps1 -JobName MyJobName
-Commands
Parameter: [OPTIONAL] With this parameter, specify the specific commands you want to run in quotes, comma or space separated.
.\Get-CRTReport.ps1 -JobName MyJobName -WorkingDirectory ‘C:\Path\to\Job\Folder’ -Commands “Command1,Command2”
-AzureEnvironmentName & -ExchangeEnvironmentName
Parameter: [OPTIONAL] With this parameter, specify the Azure or Exchange environment names. Using tab complete you can search the acceptable values.
.\Get-CRTReport.ps1 -ExchangeEnvironmentName O365USGovGCCHigh -AzureEnvironmentName AzureUSGovernment
Available Commands:
FedConfig
FedTrust
ClientAccess
RemoteDomains
SMTPForward
TransportRules
FullAccessGranted
AnyAccessGranted
SendAsGranted
EXOPowerShell
AuditBypassEnabled
HiddenMailboxes
KeyCredentials
O365AdminGroups
DelegateAppPerms
AdminAuditLogConfig
-Interactive
Parameter: [OPTIONAL] Some commands may take a long time to process depending on the amount of data in the tenant. Using the Interactive parameter, you will have the option to skip any particular command prior to the module running.
.\Get-CRTReport.ps1 -JobName MyJobName -WorkingDirectory ‘C:\Path\to\Job\Folder’ -Interactive
Welcome to the Cybersecurity Toolkit, a collection of essential Python tools designed for penetration testing…
The main objective of the creation of this laboratory is to transport the applications, tools…
"Dark FB" is a powerful toolkit designed for those who wish to delve deeper into…
Unlock the potential of ethical hacking with Wifi-Hacking.py, a powerful cybersecurity tool designed to navigate…
This repository was created with the aim of assisting companies and independent researchers about Tactics,…
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path…