7MS #611: Pentestatonix

Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures. I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagements:

• GraphRunner - awesome PowerShell toolkit for interacting with Microsoft Graph API. From a pentesting perspective, it may help you bridge the "gap" between LAN-side AD and Azure and find some goodies - like files with and XSLX extension containing the word password.
• PowerUpSQL -I typically use this to make SQL servers cough me up a hash via SMB using stored procedures, but I learned this week that I'll deeeefffffinitely use the Invoke-SQLAudit -Verbose functionality going forward.