GraphRunner: A Post-Exploitation Toolset for M365 | Beau & Steve
📰 Read the GraphRunner blog with all the in-depth information you need -- https://www.blackhillsinfosec.com/introducing-graphrunner/ Slides for this webcast available here: https://www.blackhillsinfosec.com/wp-content/uploads/2023/11/SLIDES_GraphRunner-A-Post-Exploitation-Toolset-for-M365.pdf 🐍🛢️Join us for Antisyphon Training’s Snake Oil? Summit, December 6 https://www.antisyphontraining.com/event/antisyphon-snake-oil-summit-2023/ This talk focuses on a new post-exploitation toolset called GraphRunner, that can be used to exploit certain default M365 configurations. During this Black Hills Information Security (BHIS) webcast, Beau and Steve will provide an in-depth exploration of GraphRunner’s features, designed to empower both red team professionals and defenders with a means to navigate the intricate Graph API at the heart of M365 and manipulate it for offensive purposes. GraphRunner offers functionalities that aid in lateral movement, data exfiltration, privilege escalation, and persistence within M365 accounts. This talk aims to bridge the gap between theoretical attack concepts and their tangible real-world application. Chat with your fellow attendees in the Black Hills Infosec Discord here: https://discord.gg/BHIS -- in the #webcast-live-chat channel.