hawk
Export-RecipientPermissions
Our great sponsors
hawk | Export-RecipientPermissions | |
---|---|---|
14 | 1 | |
651 | 16 | |
- | - | |
3.9 | 4.4 | |
3 months ago | 28 days ago | |
PowerShell | PowerShell | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hawk
- Hawk Repo
-
Message Trace O365
I recommend checking this out btw https://github.com/T0pCyber/hawk
-
Office 365 Outlook rules automatically generating
run HAWK against the mailbox and it should surface something useful.
- Useful Email Compromise resource
- Compromised Email HOW?
-
Crazy Email Hacking
Use https://github.com/T0pCyber/hawk on the mailbox, it will show you everything you need to know. it knows what to look for, and produces a report on all the suss activities. Ive learnt best from letting it do its job then seeing what it found.
-
What do you use for your office 365 security routines and what routines do you perform?
HAWK is a great tool to investigate for suspicious activity. Its no silver bullet, but it does even dump a list of suspect accounts when you run the Tenant Investigation command. Probably with a little bit of work you could script HAWK to run automatically in bulk.
- User got phished. I asked her to think back and try to remember if she'd got an attachment that required login.
- Track down how account was compromised.
-
Office 365 audit log for compromised account
Have you ran the Powershell HAWK Tool ? https://github.com/T0pCyber/hawk
Export-RecipientPermissions
-
Export-RecipientPermissions
Export-RecipientPermissions can help you with all these tasks. Get your free copy at https://github.com/GruberMarkus/Export-RecipientPermissions.
What are some alternatives?
Business-Email-Compromise-Guide - The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions.
PowerShell - PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)
PSBucket - PowerShell scripts that relate to blog articles I write on iphase.dk, msendpointmgr.com or technet gallery.
o365recon - retrieve information via O365 and AzureAD with a valid cred
PowerShell - My PowerShell scripts. Use at your own peril
office365 - Repo for containing and managing office 365 scripts for my customers, techs and others. If you have any questions please feel free to hit me up.
EWS-Office365-Contact-Sync - Uses Exchange Web Services to synchronize a Global Address List in Office 365 to a user's mailbox
monkey365 - Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
orca - The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA)
CrpUsernameStuffing - PS Script to stuff usernames into NPS Connection Request Policies
Microsoft-Extractor-Suite - A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.