-
Notifications
You must be signed in to change notification settings - Fork 12
Updates
mc edited this page Jul 24, 2024
·
1 revision
New commands:
-
Backdoor-Script
: Patches an existing device management script with malicious code -
Deploy-MaliciousWeblink
: Deploys a malicious Windows web link app to all devices -
Add-ApplicationCertificate
: Similar toAdd-ApplicationPassword
except adds a x509 cert (public key) to the compromised app (can then use the .pfx to auth as the app service principal) -
Update-UserProperties
: Updates specific user properties, potentially allowing privileged access via dynamic groups -
Add-ApplicationPermission
: Assigns supplied permission to target or compromised application -
Grant-AppAdminConsent
: Grants admin consent to assigned permissions (if necessary) -
Find-PrivilegedApplications
: Identifies high-value enterprise applications with privileged permissions assigned -
Display-FirewallConfigPolicyRules
: Identifies Intune endpoint security firewall configuration policy rules -
Dump-Win32Apps
: Dumps all or specific Windows applications that have been deployed via Intune -
Dump-iOSApps
: Dumps all or specific iOS applications that have been deployed via Intune -
Dump-macOSApps
: Dumps all or specific macOS applications that have been deployed via Intune -
Dump-AndroidApps
: Dumps all or specific Android applications that have been deployed via Intune -
Locate-PermissionID
: Searcher for the MS Graph API permissions reference -
Locate-ObjectID
: Identifies and displays information relating to unknown object IDs (user, group, app, device, SP) -
Update-DeviceConfig
: Updates writable device configuration properties in Intune
Updated commands:
-
Spoof-OWAEmailMessage
: Added the--email
option for supplying formatted email body content -
Deploy-MaliciousScript
: RunAsAccount, EnforceSignatureCheck, and more script assignment options added to customise deployment -
List-Applications
&Get-Application
: Now dynamically resolve Graph API app role IDs from theRequiredResourceAccess
field -
Invoke-Search
: Now highlights matched search terms in output