GraphRunner: A Post-Exploitation Toolset for M365 | Beau & Steve

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! 📰 Read the GraphRunner blog with all the in-depth information you need -- https://www.blackhillsinfosec.com/introducing-graphrunner/ 🛝 Slides for this webcast available here: https://www.blackhillsinfosec.com/wp-content/uploads/2023/11/SLIDES_GraphRunner-A-Post-Exploitation-Toolset-for-M365.pdf 🐍🛢️Join us for Antisyphon Training’s Snake Oil? Summit, December 6 https://www.antisyphontraining.com/event/antisyphon-snake-oil-summit-2023/ This talk focuses on a new post-exploitation toolset called GraphRunner, that can be used to exploit certain default M365 configurations. During this Black Hills Information Security (BHIS) webcast, Beau and Steve will provide an in-depth exploration of GraphRunner’s features, designed to empower both red team professionals and defenders with a means to navigate the intricate Graph API at the heart of M365 and manipulate it for offensive purposes. GraphRunner offers functionalities that aid in lateral movement, data exfiltration, privilege escalation, and persistence within M365 accounts. This talk aims to bridge the gap between theoretical attack concepts and their tangible real-world application. Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Active Countermeasures YouTube: https://youtube.com/activecountermeasures Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining