./Alec Maly's Tech Blog

Tag: Microsoft [2]

[$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (Feb 29, 2024)
Exploring the M365 Power Platform as a means of privilege escalation and flexing control over a phishing victim's SharePoint, OneDrive, Outlook, and Microsoft Teams data.
M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (May 13, 2022)
An internal phishing POC leveraging Microsoft 365 citizen development tools (Power Platform). Phish for access to a target user's OneDrive and all SharePoint sites they own.

All Tags

Web (10) Hacking (10) POC (10) JavaScript (7) BugReports (5) reverse-engineering (4) Cloud (4) BugBounty (4) Debugging (3) Browser (3) Development (2) Electronjs (2) Joplin (2) TypeScript (2) SharePoint (2) Chromium (2) Game-Hacking (2) Tutorial (2) Security (2) XSS (2) PowerApps (2) Microsoft (2) Power-Platform (2) Privilege-Escalation (2) Browser-Extension (2) Credential-Dumping (2) Microsoft-Edge (1) Electron.js (1) Race-Condition (1) Unity (1) Blender (1) Payment-Gateway (1) Paypal (1) Dynamic-Testing (1) PowerShell (1) WinDbg (1) WinDbg-Preview (1) x32dbg (1) x64dbg (1) mona.py (1) pykd (1) Android (1) Frida (1) BurpSuite (1) .apk (1) Java (1) linux (1) il2cpp (1) adb (1) mobile (1) Wordpress (1) Email (1) Oracle (1) VPS (1) GraphQL (1) HackerOne (1) Pentesting (1) Python (1) CTF (1) Image-Manipulation (1) M365-Services (1) Phishing (1) Google-Maps (1) Optimization (1) CodeQL (1) BugCrowd (1) ExpressVPN (1) Power-Automate (1) M365 (1) Outlook (1) OneDrive (1) Microsoft-Teams (1) AWS (1) CodeBuild (1) Azure-DevOps (1) CICD (1) GitHub (1) TextMeshPro (1) Injection (1) C# (1)