🚀I'm finally releasing GraphSpy to the public!🕵️.A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments!.

I will be sharing more in-depth details and the tools/scripts I created to set up some of these attacks in a blog post very soon!.

Thanks to everyone who joined my DEFCON33 talk!🎉.For those of you who missed it and are interested in seeing how we can extract cleartext credentials and bypass MFA directly from the official Microsoft login page, I just uploaded the recording to YouTube:.

RT @Wietze: A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome. 🇳🇱@_dirkjan @J….

I just noticed that the domain enumeration technique with the Autodiscover endpoint is suddenly not working anymore. This is what tools like @DrAzureAD's AADInternals (Get-AADIntTenantDomains) used to allow unauthenticated enumeration of all domains linked to an Entra ID tenant.

RT @nikhil_mitt: Grab a seat for one of @AlteredSecurity's three popular Red Team classes at @BlackHatEvents . Azure Attacks Advanced (In-….

I am very excited to share that I’ve been accepted to speak on one of the main stage tracks at @defcon this August in Las Vegas! 🎉. Can't wait to share this research on one of the biggest stages in the hacking community! 🔥. Let me know if you’ll be at #DEFCON33!. #DEFCON

❤️‍🔥 If you want to support the development of GraphSpy and get early access to new features, check out the 𝐬𝐩𝐨𝐧𝐬𝐨𝐫 𝐩𝐚𝐠𝐞 here: Thanks to @infosecnoodle and @q8fawazo for already supporting GraphSpy before this public announcement. ❤️.

⚒️ 𝑪𝒓𝒐𝒔𝒔 𝒕𝒐𝒐𝒍 𝒔𝒖𝒑𝒑𝒐𝒓𝒕 — Import/Export device certificates, Primary Refresh Tokens, and WinHello keys to easily switch between your favorite tools (e.g. roadtools, AADInternals, pytune, . ) while keeping track of all your certificates/tokens/keys in GraphSpy.

Join millions who have switched to Grok.

🍪 𝑷𝑹𝑻 𝑪𝒐𝒐𝒌𝒊𝒆𝒔 — Generate 𝐏𝐑𝐓 𝐂𝐨𝐨𝐤𝐢𝐞𝐬 using the Primary Refresh Tokens in GraphSpy, allowing signing in to 𝐚𝐧𝐲 𝐰𝐞𝐛𝐬𝐢𝐭𝐞 𝐮𝐬𝐢𝐧𝐠 𝐄𝐧𝐭𝐫𝐚 𝐈𝐃 𝐚𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐢𝐨𝐧, without needing the 𝐮𝐬𝐞𝐫'𝐬 𝐩𝐚𝐬𝐬𝐰𝐨𝐫𝐝 𝐨𝐫 𝐌𝐅𝐀!.

🖥️ 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒆𝒅 𝒑𝒐𝒔𝒕-𝒄𝒐𝒎𝒑𝒓𝒐𝒎𝒊𝒔𝒆 𝒂𝒄𝒕𝒊𝒐𝒏𝒔 — New 𝐚𝐮𝐭𝐨𝐦𝐚𝐭𝐢𝐜 𝐚𝐜𝐭𝐢𝐨𝐧𝐬 can be configured to set up persistence within 5 seconds (e.g. 𝐫𝐞𝐠𝐢𝐬𝐭𝐞𝐫𝐢𝐧𝐠/𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐚 𝐝𝐞𝐯𝐢𝐜𝐞, requesting a 𝐏𝐑𝐓, 𝐞𝐧𝐫𝐨𝐥𝐥𝐢𝐧𝐠 WinHello).

🤖 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒆𝒅 𝒅𝒆𝒗𝒊𝒄𝒆 𝒄𝒐𝒅𝒆 𝒆𝒏𝒕𝒓𝒚 — Skip the first step where the victim needs to fill in the code. GraphSpy 𝐠𝐞𝐧𝐞𝐫𝐚𝐭𝐞𝐬 𝐭𝐡𝐞 𝐝𝐞𝐯𝐢𝐜𝐞 𝐜𝐨𝐝𝐞 ad-hoc, fills it in on the legit devicelogin page, and redirects the user to complete the flow.

GraphSpy just got scarily powerful!🔥. 🤖Automated device code entry.🖥️Post-comprimise automation (device registration, WinHelloForBusiness, . ).🍪PRT Cookies.⚒️Cross-tool support. ❤️‍🔥The sponsor branch is now live for early access: 🧵More info below

RT @lastweekinfosec: ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), and mor….

RT @janbakker_: 💡Learn how to restrict device code flow in Entra ID!.

📧 GraphSpy 1.5.0 is out now and brings a brand new Outlook Graph module!. ✅Read emails in any folder.✅Send HTML-formatted emails directly in GraphSpy.✅Access shared mailboxes.✅Search for sensitive information like passwords. 🔗Check out GraphSpy here:.

Microsoft seems to have recently deprecated the legacy account.activedirectory.windowsazure[.]com endpoint, which GraphSpy was using to list and add MFA methods for a user. GraphSpy 1.4.3 now utilizes the mysignins[.]microsoft[.]com API now (which is also a FOCI resource!)

RT @merill: I just published this week's Entra newsletter!. Featuring @12Knocksinna, @alitajran, @Christian_Frohn, @Ciraltos, @DanielatOCN,….

GraphSpy just hit 600 stars on GitHub after releasing version 1.4!✨. This version introduces the new Entra ID module, better loading animations, and JSON syntax highlighting. Check it out here: .

RT @mrgretzky: Defenders use cross-origin requests through CSS url() or injected JS to leak your phishing URL in the HTTP Referer header.….

Last week to register in the Azure Red Team Expert bootcamp from @AlteredSecurity!.Join me during the 4 live sessions in October to level up your Azure Red Teaming skills.