SharePointDumper is a PowerShell utility that extracts and audits SharePoint sites using Microsoft Graph. It requires an OAuth2 access token and provides detailed reports of accessed sites and downloaded files, making it useful for security assessments.
KustoHawk is a PowerShell script designed for incident triage and response within Microsoft Defender XDR and Sentinel environments. It collects indicators of compromise and runs queries against the Graph API to provide detailed activity reports for devices or accounts. Users can adjust the timeframe of data collection and export results for further analysis.
NEBULA is a PowerShell tool designed for testing Windows execution and persistence methods, including LOLBAS techniques. It provides a menu-driven interface for security researchers and teams to execute tests and log results. Example payloads sourced from Atomic Red Team are included for safe experimentation.
MSSQLHound is a PowerShell collector designed to integrate Microsoft SQL Server attack paths into BloodHound using OpenGraph. It collects data from MSSQL servers and writes it to temporary files that can be zipped and uploaded to BloodHound, and it offers various command line options to customize the data collection process. Its documentation also covers current limitations, planned future development, and a comprehensive reference for the MSSQL nodes and edges it produces.
Monkey365 is an open-source PowerShell module designed to facilitate security configuration reviews for Microsoft 365, Azure subscriptions, and Microsoft Entra ID. It helps identify security gaps and misconfigurations while providing recommendations based on industry best practices and compliance standards. The tool supports over 160 checks and generates reports aligned with the CIS benchmarks for enhanced security assessment.
A PowerShell tool for managing and auditing Role-Based Access Control (RBAC) in Microsoft Intune offers detailed insights into RBAC configurations, including role assignments and permissions. It features an interactive HTML report with security analysis, a permissions matrix, and a new security review dashboard to assess risk levels and security posture. Utility scripts facilitate specific RBAC management tasks such as exporting roles and assigning scope tags.
EntraFalcon is a PowerShell tool designed for security assessments of Microsoft Entra ID environments, suitable for pentesters and system administrators. It helps identify misconfigurations and risks related to privileged accounts and access policies, generating interactive HTML reports for analysis. The tool operates without external dependencies, supports multiple authentication methods, and is compatible with both Windows and Linux systems.
Azure AppHunter is an open-source PowerShell tool designed for security professionals to analyze and identify excessive or risky permissions assigned to Azure Service Principals. It enables users to enumerate dangerous Microsoft Graph permissions, detect privileged role assignments, and uncover potential escalation paths in Azure environments with minimal dependencies. The tool supports integration into automation and red teaming workflows, making it valuable for cloud security assessments.
BlackCat is a PowerShell module aimed at validating the security of Microsoft Azure environments by identifying potential security risks and ensuring compliance with best practices. It requires PowerShell 7.0 or higher and the Az.Accounts module, and is set to be published on the PowerShell Gallery after completion. Users can also contribute to the project by providing feedback or making code contributions through GitHub.
The blog explores the use of various APIs, specifically the Graph API, Azure Monitor API, and Defender ATP API, for enhancing security operations and automating threat detection. It provides insights into the available data, permissions required, limitations, and includes ready-to-use PowerShell scripts for executing KQL queries across these APIs. A focus is placed on best practices for querying and the advantages of using the Graph API for comprehensive data access.
ADeleginator is a tool designed to identify insecure trustee and resource delegations in Active Directory, serving as a wrapper around the existing tool ADeleg. Users can set it up by downloading the necessary components and running a PowerShell script to execute the tool. The project is credited to Spencer Alessi and acknowledges the contributions of @mtth-bfft.