Skip to content

OAuthPermissions‐Analyzer

Jump to bottom
evild3ad edited this page Apr 27, 2024 · 3 revisions

TL;DR

OAuthPermissions-Analyzer.ps1 is a PowerShell script utilized to simplify the analysis of M365 OAuth Permissions extracted via Microsoft-Extractor-Suite by Invictus-IR.

MFA-Analyzer
Fig 1: OAuthPermissions-Analyzer

Application-Permissions
Fig 2: Application Permissions

Delegated-Permissions
Fig 3: Delegated Permissions → eM Client (Traitorware)

ClientDisplayName-AppId-Statistics
Fig 4: ClientDisplayName / AppId (Stats)

PermissionType-Permission-Statistics
Fig 5: PermissionType / Permission (Stats)

PublisherName-ClientDisplayName-Statistics
Fig 6: PublisherName / ClientDisplayName (Stats)

Stats-Directory
Fig 7: Statistics

Links

M365_Oauth_Apps - Repository of suspicious Enterprise Applications (BEC)
Microsoft Graph permissions reference
App consent grant investigation

Clone this wiki locally