msInvader Access Methods

mvelazco edited this page Apr 9, 2024 · 1 revision

msInvader utilizes various methods of access to interact with Microsoft 365 and Azure, each serving distinct purposes and providing unique advantages for simulating attack scenarios.

Graph API

The Graph API enables msInvader to access and interact with a wide array of Microsoft 365 services. It's used to simulate attacks that exploit data and functionalities available across Microsoft's cloud ecosystem.

Exchange Web Services (EWS)

EWS allows msInvader to specifically target and simulate attacks on Exchange Online services, focusing on email operations and data access. Using EWS, msInvader can simulate attackers exploiting this protocol to access and manipulate email-related data.

REST API Leveraged by the Exchange Online PowerShell Module

The Exchange Online PowerShell module, commonly abused by attackers, operates through a REST API located at https://outlook.office365.com/adminapi/beta/{tenant_id}/InvokeCommand. msInvader implements a Python client to interact with this REST API, simulating how adversaries might use PowerShell commands for malicious activities.
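For defenders who want to see which of these three access methods a client is using, the following added example (not part of msInvader or of this wiki) classifies request URLs from web proxy records and tallies them per client. It assumes TLS-inspected proxy logs that expose full URLs. The Graph host `graph.microsoft.com` and the EWS path `/EWS/` are the public Microsoft endpoints rather than values stated on this page, and the function names and sample records are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path pattern from the InvokeCommand URL on this page; {tenant_id} is captured as-is.
INVOKE_RE = re.compile(r"^/adminapi/beta/([^/]+)/InvokeCommand/?$", re.IGNORECASE)

def classify(url):
    """Return (method, tenant_id) for one request URL; method is None if unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # exact host match rejects lookalike domains
    if host == "graph.microsoft.com":
        return ("graph", None)
    if host == "outlook.office365.com":
        match = INVOKE_RE.match(parts.path)  # query string is not part of .path
        if match:
            return ("exo_rest", match.group(1))
        if parts.path.lower().startswith("/ews/"):
            return ("ews", None)
    return (None, None)

def summarize(records):
    """records: iterable of (client_ip, url). Returns {client_ip: {method: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for client, url in records:
        method, _tenant = classify(url)
        if method:
            counts[client][method] += 1
    return {client: dict(methods) for client, methods in counts.items()}

# Constructed sample proxy records (not real traffic).
SAMPLE = [
    ("10.0.0.5", "https://graph.microsoft.com/v1.0/me/messages"),
    ("10.0.0.5", "https://outlook.office365.com/EWS/Exchange.asmx"),
    ("10.0.0.5", "https://outlook.office365.com/adminapi/beta/"
                 "11111111-2222-3333-4444-555555555555/InvokeCommand"),
    # Lookalike host: must not be counted as Exchange Online.
    ("10.0.0.9", "https://outlook.office365.com.example.net/adminapi/beta/x/InvokeCommand"),
    # Mixed-case host and a query string: still the InvokeCommand endpoint.
    ("10.0.0.9", "https://OUTLOOK.office365.com/adminapi/beta/contoso/InvokeCommand?x=1"),
]

if __name__ == "__main__":
    for client, methods in summarize(SAMPLE).items():
        print(client, methods)
```

A single client touching all three channels in a short window, as 10.0.0.5 does in the sample, is the kind of pattern worth correlating with sign-in and audit logs.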