A cybersecurity enthusiast known as OtterHacker has introduced M365Pwned, a set of user-friendly GUI tools aimed at extracting data from Microsoft 365 environments using OAuth tokens. These tools, designed for red team exercises, operate without the need for user intervention.
Overview of M365Pwned Tools
Constructed using PowerShell 5.1 and integrating with the Microsoft Graph API, the toolkit offers advanced capabilities for penetration testers and adversary simulators working within enterprise-level Microsoft 365 setups. The toolkit comprises two main components: MailPwned-GUI.ps1 and SharePwned-GUI.ps1, targeting Exchange Online and SharePoint, respectively.
These tools rely on a registered Azure Active Directory application with the necessary permissions and support authentication through Client Secret, Certificate Thumbprint, and Raw Access Token methods.
Functionality and Capabilities
The MailPwned tool is equipped with features to navigate through Exchange Online, enabling operators to browse mailboxes, perform keyword searches, and retrieve emails with full HTML rendering. It also supports bulk attachment downloads and email impersonation, all while minimizing audit footprints.
SharePwned, on the other hand, allows users to access SharePoint sites across an enterprise, browse document libraries, and conduct file searches. It employs a fallback search mode when certain permissions are unavailable, ensuring comprehensive access to stored data.
Operational Security and Compliance
Both tools maintain operational security by ensuring all requests are logged under the registered application’s identity in Graph audit logs. Security teams are advised to review application permissions and monitor access for any unusual activity.
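One way to carry out the permission review suggested above is sketched below as an added example; it is not code from the article or from the M365Pwned project. It assumes an export of Microsoft Graph servicePrincipal objects with their appRoleAssignments expanded. The `audit` function, the watched permission list and all sample names and ids are constructed for illustration.

```python
# Added example: review which service principals hold Graph application
# permissions that allow tenant-wide mail or SharePoint reads.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph appId
# Assumption: the permission names a reviewer chooses to watch; tune to policy.
WATCHED = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
           "Sites.Read.All", "Files.Read.All"}

# Constructed sample shaped like Graph servicePrincipal objects with their
# appRoleAssignments expanded. All ids and names below are placeholders.
SAMPLE = [
    {"id": "sp-graph", "appId": GRAPH_APP_ID, "displayName": "Microsoft Graph",
     "appRoles": [{"id": "role-1", "value": "Mail.Read"},
                  {"id": "role-2", "value": "Sites.Read.All"},
                  {"id": "role-3", "value": "User.Read.All"}]},
    {"id": "sp-a", "appId": "app-a", "displayName": "Backup Connector",
     "passwordCredentials": [{"endDateTime": "2027-01-01T00:00:00Z"}],
     "appRoleAssignments": [{"resourceId": "sp-graph", "appRoleId": "role-1"},
                            {"resourceId": "sp-graph", "appRoleId": "role-2"}]},
    {"id": "sp-b", "appId": "app-b", "displayName": "HR Portal",
     "appRoleAssignments": [{"resourceId": "sp-graph", "appRoleId": "role-3"}]},
    {"id": "sp-c", "appId": "app-c", "displayName": "Reporting Job",
     "keyCredentials": [{"endDateTime": "2026-06-01T00:00:00Z"}],
     "appRoleAssignments": [{"resourceId": "sp-other", "appRoleId": "role-1"},
                            {"resourceId": "sp-graph", "appRoleId": "role-2"}]},
]

def audit(service_principals, watched=WATCHED):
    """Return one finding per principal granted a watched Graph app role."""
    graph = next((sp for sp in service_principals
                  if sp["appId"] == GRAPH_APP_ID), None)
    if graph is None:
        raise ValueError("Microsoft Graph service principal not in export")
    names = {r["id"]: r["value"] for r in graph["appRoles"]}
    findings = []
    for sp in service_principals:
        granted = {names.get(a["appRoleId"])
                   for a in sp.get("appRoleAssignments", [])
                   if a["resourceId"] == graph["id"]}  # ignore other APIs
        hits = sorted(granted & watched)
        if hits:
            findings.append({
                "app": sp["displayName"], "appId": sp["appId"],
                "permissions": hits,
                "client_secrets": len(sp.get("passwordCredentials", [])),
                "certificates": len(sp.get("keyCredentials", [])),
            })
    return findings
```

Role ids are resolved through the Graph service principal's own `appRoles` list rather than hard-coded, so the same logic works on a real tenant export.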
The toolkit also supports region-specific settings, enhancing its functionality across various geographic data centers. This adaptability is crucial for users operating in diverse regulatory environments.
For those interested in a command-line interface, a separate version of SharePwned is accessible on GitHub, courtesy of developer Ethical-Kaizoku.
