Tag: PowerApps
- [$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
Exploring the M365 Power Platform as a means of privilege escalation and flexing control over a phishing victim's SharePoint, OneDrive, Outlook, and Microsoft Teams data. - M365 Internal Phish: Abusing the Power Platform for SharePoint/OneDrive Privilege Escalation (13 May 2022)
An internal phishing POC leveraging Microsoft 365 citizen development tools (Power Platform). Phish for access to a target user's OneDrive and all SharePoint sites they own. - Scanning and Hooking Dynamic, Client-Side Data in Modern Web Applications (22 Nov 2021)
Scanning the DOM for interesting data + hooking getters/setters. Demonstrating POC w/ a PowerApps example.