Abstract
The aim of this tool is to highlight how various O365 cloud services can be leveraged as a command & control communication channel. It can help to evade or avoid network-level detection when organizations are using O365 cloud services. It might also help to change the perspective of defenders when they find unknown applications communicating with legitimate services.
This tool is developed in C# and leverages the Microsoft Graph APIs for communicating with O365 cloud services.
Currently the tool supports 3 O365 cloud services:
Outlook, OneNote, Microsoft Teams