Microsoft-Analyzer-Suite v1.4.0

@evild3ad released this 24 Feb 06:29
· 10 commits to main since this release

[1.4.0] - 2025-02-24

Added

  • UAL-Analyzer: Detection of suspicious Inbox Rules via RegEx (incl. Conditional Formatting)
  • UAL-Analyzer: MoveToFolder-Blacklist.csv
  • UAL-Analyzer: UniqueTokenId and IssuedAtTime added to Hunt View → correlate with SignInLogs
  • UAL-Analyzer: RecordType / Id (Stats)
  • UAL-Analyzer: Line Charts - SharePoint (Workload), OneDrive (Workload), and FileDownloaded (SharePoint and OneDrive)
  • OAuthPermissions-Analyzer: Microsoft Graph Edition
  • OAuthPermissions-Analyzer: Detection of suspicious OAuth Apps (Anomalous ReplyUrls, Common Naming Patterns)

Fixed

  • Minor fixes and improvements

Fig 1: OAuthPermissions-Analyzer → Find suspicious M365 OAuth applications

Fig 2: OAuthPermissions-Analyzer → Detect blacklisted M365 OAuth applications (Traitorware)

Fig 3: OAuthPermissions-Analyzer → 'AppOwnerOrganizationId' helps to identify the 'ApplicationType'

Fig 4: OAuthPermissions-Analyzer → OAuthPermissions (Hunt View)

Fig 5: OAuthPermissions-Analyzer → Anomalous ReplyUrls (Hunt View)