Welcome! You are invited to join a webinar: GraphRunner: A Post-Exploitation Toolset for M365 – Beau Bullock & Steve Borosh | 1-Hour . After registering, you will receive a confirmation email about joining the webinar.

In the rapidly evolving realm of cloud productivity suites, Microsoft 365 (M365) has solidified its position as a fundamental resource for numerous organizations. While M365 presents a host of opportunities, it equally introduces challenges. By default, M365 offers a range of security measures within its tenant structure. However, it also contains a number of default configurations that hold the potential for exploitation by malicious actors. This talk focuses on a new post-exploitation toolset called GraphRunner, that can be used to exploit certain default M365 configurations. During this Black Hills Information Security (BHIS) webcast, Beau and Steve will provide an in-depth exploration of GraphRunner’s features, showcasing its role in elevating post-exploitation strategies. Designed to empower both red team professionals and defenders, this toolset equips users with a means to navigate the intricate Graph API at the heart of M365 and manipulate it for offensive purposes. GraphRunner offers functionalities that aid in lateral movement, data exfiltration, privilege escalation, and persistence within M365 accounts. By offering practical demonstrations of the toolset’s capabilities, this talk aims to bridge the gap between theoretical attack concepts and their tangible real-world application. Chat with your fellow attendees in the Black Hills Infosec Discord server here: https://discord.gg/BHIS -- in the #webcast-live-chat channel.