hawk
BadZure
hawk | BadZure | |
---|---|---|
14 | 1 | |
652 | 349 | |
- | - | |
3.9 | 8.4 | |
3 months ago | 5 months ago | |
PowerShell | PowerShell | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hawk
- Hawk Repo
-
Message Trace O365
I recommend checking this out btw https://github.com/T0pCyber/hawk
-
Office 365 Outlook rules automatically generating
run HAWK against the mailbox and it should surface something useful.
- Useful Email Compromise resource
- Compromised Email HOW?
-
Crazy Email Hacking
Use https://github.com/T0pCyber/hawk on the mailbox, it will show you everything you need to know. it knows what to look for, and produces a report on all the suss activities. Ive learnt best from letting it do its job then seeing what it found.
-
What do you use for your office 365 security routines and what routines do you perform?
HAWK is a great tool to investigate for suspicious activity. Its no silver bullet, but it does even dump a list of suspect accounts when you run the Tenant Investigation command. Probably with a little bit of work you could script HAWK to run automatically in bulk.
- User got phished. I asked her to think back and try to remember if she'd got an attachment that required login.
- Track down how account was compromised.
-
Office 365 audit log for compromised account
Have you ran the Powershell HAWK Tool ? https://github.com/T0pCyber/hawk
BadZure
What are some alternatives?
Business-Email-Compromise-Guide - The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions.
office365-cli - Manage Microsoft 365 and SharePoint Framework projects on any platform [Moved to: https://github.com/pnp/cli-microsoft365]
PowerShell - PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)
microsoft-authentication-library-for-dotnet - Microsoft Authentication Library (MSAL) for .NET
o365recon - retrieve information via O365 and AzureAD with a valid cred
cli-microsoft365 - Manage Microsoft 365 and SharePoint Framework projects on any platform
monkey365 - Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
terraform-provider-azuread - Terraform provider for Azure Active Directory
office365 - Repo for containing and managing office 365 scripts for my customers, techs and others. If you have any questions please feel free to hit me up.
ROADtools - A collection of Azure AD/Entra tools for offensive and defensive security purposes
CrpUsernameStuffing - PS Script to stuff usernames into NPS Connection Request Policies
active-directory-lab-hybrid-adfs - Create a full AD/CA/ADFS/WAP lab environment with Azure AD Connect installed