Skip to content

Updates

mc edited this page Jul 24, 2024 · 1 revision

Graphpython v1.0

New commands:

  • Backdoor-Script: Patches an existing device management script with malicious code
  • Deploy-MaliciousWeblink: Deploys a malicious Windows web link app to all devices
  • Add-ApplicationCertificate: Similar to Add-ApplicationPassword except adds a x509 cert (public key) to the compromised app (can then use the .pfx to auth as the app service principal)
  • Update-UserProperties: Updates specific user properties, potentially allowing privileged access via dynamic groups
  • Add-ApplicationPermission: Assigns supplied permission to target or compromised application
  • Grant-AppAdminConsent: Grants admin consent to assigned permissions (if necessary)
  • Find-PrivilegedApplications: Identifies high-value enterprise applications with privileged permissions assigned
  • Display-FirewallConfigPolicyRules: Identifies Intune endpoint security firewall configuration policy rules
  • Dump-Win32Apps: Dumps all or specific Windows applications that have been deployed via Intune
  • Dump-iOSApps: Dumps all or specific iOS applications that have been deployed via Intune
  • Dump-macOSApps: Dumps all or specific macOS applications that have been deployed via Intune
  • Dump-AndroidApps: Dumps all or specific Android applications that have been deployed via Intune
  • Locate-PermissionID: Searcher for the MS Graph API permissions reference
  • Locate-ObjectID: Identifies and displays information relating to unknown object IDs (user, group, app, device, SP)
  • Update-DeviceConfig: Updates writable device configuration properties in Intune

Updated commands:

  • Spoof-OWAEmailMessage: Added the --email option for supplying formatted email body content
  • Deploy-MaliciousScript: RunAsAccount, EnforceSignatureCheck, and more script assignment options added to customise deployment
  • List-Applications & Get-Application: Now dynamically resolve Graph API app role IDs from the RequiredResourceAccess field
  • Invoke-Search: Now highlights matched search terms in output
Clone this wiki locally