hawk
AzureHunter
Our great sponsors
| hawk | AzureHunter | |
|---|---|---|
| 14 | 2 | |
| 651 | 755 | |
| - | - | |
| 3.9 | 0.0 | |
| 3 months ago | over 1 year ago | |
| PowerShell | PowerShell | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hawk
- Hawk Repo
-
Message Trace O365
I recommend checking this out btw https://github.com/T0pCyber/hawk
-
Office 365 Outlook rules automatically generating
run HAWK against the mailbox and it should surface something useful.
- Useful Email Compromise resource
- Compromised Email HOW?
-
Crazy Email Hacking
Use https://github.com/T0pCyber/hawk on the mailbox, it will show you everything you need to know. it knows what to look for, and produces a report on all the suss activities. Ive learnt best from letting it do its job then seeing what it found.
-
What do you use for your office 365 security routines and what routines do you perform?
HAWK is a great tool to investigate for suspicious activity. Its no silver bullet, but it does even dump a list of suspect accounts when you run the Tenant Investigation command. Probably with a little bit of work you could script HAWK to run automatically in bulk.
- User got phished. I asked her to think back and try to remember if she'd got an attachment that required login.
- Track down how account was compromised.
-
Office 365 audit log for compromised account
Have you ran the Powershell HAWK Tool ? https://github.com/T0pCyber/hawk
AzureHunter
What are some alternatives?
Business-Email-Compromise-Guide - The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions.
DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
PowerShell - PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)
sysmon-modular - A repository of sysmon configuration modules
o365recon - retrieve information via O365 and AzureAD with a valid cred
CloudShell - Container Image for Azure Cloud Shell (https://azure.microsoft.com/en-us/features/cloud-shell/)
office365 - Repo for containing and managing office 365 scripts for my customers, techs and others. If you have any questions please feel free to hit me up.
beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
monkey365 - Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
Hunting-Queries-Detection-Rules - KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
CrpUsernameStuffing - PS Script to stuff usernames into NPS Connection Request Policies
Trawler - PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.