For educational, authorized and/or research purposes only. o365spray a username enumeration and password spraying tool aimed at Microsoft Office 365 (O365). This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments. WARNING: The oAuth2 module for user enumeration is performed by submitting a single authentication attempt perRead More
Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicators of Activity (IoA) from logs and unpack encoded data perform sophisticated analysis such asRead More
kekeo is a little toolbox I have started to manipulate Microsoft Kerberos in C (and for fun) ASN.1 library In kekeo, I use an external commercial library to deal with Kerberos ASN.1 structures: OSS ASN.1/C (http://www.oss.com/asn1/products/asn1-c/asn1-c.html) It was the only code generator/library that I’ve found to work easily with Microsoft C project. works without aRead More
Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution) Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file) You need to install lcab first (sudo apt-get install lcab) Check REPRODUCE.md for manual reproduce steps If your generated cab is not working, try pointingRead More
TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API By @thetechr0mancer Microsoft is getting better and better about blocking password spraying attacks against O365. TREVORspray can solve this by proxying its requests through an unlimited numberRead More
Sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email is registered on teams or not. More details on the immunIT’s blog Usage Microsoft Teams with the search features. This tool validates an email address or a list of email addresses. If these emails existRead More
The all_groups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata: name visibility: public or private description email address owners members Teams enabled? SharePoint URL (e.g. for Teams shared files) All of this, even for private Groups! Read more about this on my blog article “Risks of MicrosoftRead More
Quick tool to help make evasion work a little bit easier. Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code inRead More
PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py <name or IP of server> <[email protected]> Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell (or ctrl+c) By default, it will create a file test.aspx. This can beRead More
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry. When running a packed PE file, the shell-entry willRead More
