Hacking
I’m not going to talk about these… yet… and there’s duplicates because I think it’s useful to see where they can be used in different scenarios. Expect this list to grow!
PowerShell Modules
Azure PowerShell
https://learn.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-9.3.0
| Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force |
Microsoft Online PowerShell
| Install-Module MSOnline |
Supporting Toolsets
Recon
https://github.com/LMGsec/o365creeper
https://github.com/0xsha/CloudBrute
https://github.com/initstring/cloud_enum
https://github.com/NetSPI/MicroBurst
Audit/Review
https://github.com/vletoux/PingCastleCloud
https://github.com/nccgroup/ScoutSuite
https://github.com/CrowdStrike/CRT
https://github.com/hausec/PowerZure
https://github.com/silverhack/monkey365
https://github.com/FSecureLABS/Azurite
On Prem Exchange Phishing
https://github.com/dafthack/MailSniper
Phishing Tools
https://github.com/kgretzky/evilginx2
https://github.com/drk1wi/Modlishka
https://github.com/gophish/gophish
https://github.com/mdsecactivebreach/o365-attack-toolkit
https://aadinternals.com/aadinternals/
https://github.com/fin3ss3g0d/evilgophish
Authentication Attacks
https://github.com/0xZDH/o365spray
https://github.com/0xZDH/Omnispray
https://github.com/dafthack/MailSniper
https://github.com/byt3bl33d3r/SprayingToolkit
https://github.com/dafthack/MSOLSpray
https://aadinternals.com/aadinternals/
https://github.com/blacklanternsecurity/TREVORspray
Proxy Tools
https://github.com/ustayready/fireprox
Image De-Obfuscation
https://github.com/beurtschipper/Depix
Post Authentication
https://github.com/nyxgeek/o365recon
https://aadinternals.com/aadinternals/
https://github.com/nccgroup/ScoutSuite
https://github.com/CrowdStrike/CRT
https://github.com/NetSPI/MicroBurst
https://github.com/hausec/PowerZure
Azure Error Code Checking
https://login.microsoftonline.com/error
Thanks
Thanks to community friends who are contributing etc. The world of cyber is a great place, with a great community spirit.
