AzureGraph : Azure AD Enumeration Over MS Graph

AzureGraph is an Azure AD information gathering tool over Microsoft Graph. Thanks to Microsoft Graph technology, it is possible to obtain all kinds of information from Azure AD, such as users, devices, applications, domains and much more. This application allows you to query this data through the API in an easy and simple way through …

M365_Groups_Enum : Enumerate Microsoft 365 Groups In A Tenant With Their Metadata

In M365_Groups_Enum, the all_groups.py script enumerates all Microsoft 365 Groups in an Azure AD tenant with their metadata: name; visibility (public or private); description; email address; owners; members; Teams enabled?; SharePoint URL (e.g. for Teams shared files). All of this, even for private Groups! Read more about this on my blog article “Risks of Microsoft Teams …

DefenderCheck : Identifies The Bytes That Microsoft Defender Flags On

DefenderCheck is a quick tool to help make evasion work a little bit easier. It takes a binary as input and splits it until it pinpoints the exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code …

ProxyLogon : PoC Exploit for Microsoft Exchange

ProxyLogon is a PoC exploit tool for Microsoft Exchange. How to use: python proxylogon.py <name or IP of server> <user@fqdn>. Example: python proxylogon.py primary administrator@lab.local. If successful you will be dropped into a webshell. Use exit or quit to escape from the webshell (or ctrl+c). By default, it will create a file test.aspx. This can …

Eviloffice : Inject Macro & DDE Code Into Excel & Word Documents

Eviloffice is a tool used to inject macro and DDE code into Excel and Word documents (reverse shell). Features: inject malicious macro on formats docm, dotm, xlsm, xltm; inject malicious DDE code on formats doc, docx, dot, xls, xlsx, xlt, xltx; Python2/Python3 compatible. Tested: Win10 (MS Office 14.0). Requirements: Microsoft Office (Word/Excel); pywin32: python -m …

ADCollector : Tool To Quickly Extract Valuable Information From Active Directory

ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point. Notes: It is not an alternative to the powerful PowerView; it just automates enumeration to quickly identify juicy information without thinking too …

MSOLSpray : A Password Spraying Tool For Microsoft Online Accounts

MSOLSpray is a password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn’t exist, if a user doesn’t exist, if the account is locked, or if the account is disabled. Why Another Spraying Tool? Yes, I realize …

BadBlood : Microsoft Active Directory Domain With A Structure

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing …

OpenSK : Open-Source Implementation For Security Keys

OpenSK is an open-source implementation for security keys written in Rust that supports both the FIDO U2F and FIDO2 standards. This repository contains a Rust implementation of a FIDO2 authenticator. We developed this as a Tock OS application and it has been successfully tested on the following boards: Nordic nRF52840-DK, Nordic nRF52840-dongle. FIDO2: Although we tested …

Application Inspector : A Source Code Analyzer Built For Surfacing Features Of Interest

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. It has received attention on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more and was first featured on Microsoft.com. …