-
Notifications
You must be signed in to change notification settings - Fork 12
Home
mc edited this page Jul 24, 2024
·
49 revisions
Please refer to the relevant sections for a detailed overview of available functionalities or demonstrations of Graphpython in operation.
New commands:
-
Backdoor-Script: Patches an existing device management script with malicious code -
Deploy-MaliciousWeblink: Deploys a malicious Windows web link app to all devices -
Add-ApplicationCertificate: Similar toAdd-ApplicationPasswordexcept adds a x509 cert (public key) to the compromised app (can then use the .pfx to auth as the app service principal) -
Update-UserProperties: Updates specific user properties, potentially allowing privileged access via dynamic groups -
Add-ApplicationPermission: Assigns supplied permission to target or compromised application -
Grant-AppAdminConsent: Grants admin consent to assigned permissions (if necessary) -
Find-PrivilegedApplications: Identifies high-value enterprise applications with privileged permissions assigned -
Display-FirewallConfigPolicyRules: Identifies Intune endpoint security firewall configuration policy rules -
Dump-Win32Apps: Dumps all or specific Windows applications that have been deployed via Intune -
Dump-iOSApps: Dumps all or specific iOS applications that have been deployed via Intune -
Dump-macOSApps: Dumps all or specific macOS applications that have been deployed via Intune -
Dump-AndroidApps: Dumps all or specific Android applications that have been deployed via Intune -
Locate-PermissionID: Searcher for the MS Graph API permissions reference -
Locate-ObjectID: Identifies and displays information relating to unknown object IDs (user, group, app, device, SP) -
Update-DeviceConfig: Updates writable device configuration properties in Intune
Updated commands:
-
Spoof-OWAEmailMessage: Added the--emailoption for supplying formatted email body content -
Deploy-MaliciousScript: RunAsAccount, EnforceSignatureCheck, and more script assignment options added to customise deployment -
List-Applications&Get-Application: Now dynamically resolve Graph API app role IDs from theRequiredResourceAccessfield -
Invoke-Search: Now highlights matched search terms in output