Hey friends, sorry for the late episode but I’ve been deep in the trenches of pentest adventures. I’ll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I’ve picked up from recent engagements:
- GraphRunner – awesome PowerShell toolkit for interacting with Microsoft Graph API. From a pentesting perspective, it may help you bridge the “gap” between LAN-side AD and Azure and find some goodies – like files with and XSLX extension containing the word password.
- PowerUpSQL -I typically use this to make SQL servers cough me up a hash via SMB using stored procedures, but I learned this week that I’ll deeeefffffinitely use the Invoke-SQLAudit -Verbose functionality going forward.
Share on socials: