All I Want For The Holidays Is…. Powerpwn

In the ever-evolving landscape of cybersecurity, the use of open-source red teaming tools has become indispensable. These tools not only raise awareness about potential vulnerabilities but also encourage security teams to think like attackers so they can begin the process of protecting their organizations against them. By simulating real-world attack scenarios, organizations can better understand their security posture and proactively address weaknesses. This approach is crucial in a world where cyber threats are becoming increasingly sophisticated and pervasive. It becomes even more critical in the world of AI Agents and business-led development, where things today are different from yesterday, and will be different from tomorrow. 

Zenity Labs’ 12 Days of Giving: A Comprehensive Security Assessment Hub

We have now concluded our ‘The 12 Days of Giving’ giving in which we introduced our comprehensive Security Assessment Hub, and detailed each of the 10 free open-source tools delivered by Zenity Labs under the “Powerpwn” umbrella that comprise the Hub. The Hub empowers security teams to visualize and mitigate risks with free red team tools. It’s an invaluable resource collection for anyone looking to identify vulnerabilities across the Microsoft 365 ecosystem, including 365 Copilot, Copilot Studio, and Power Platform with principles that can be applied more broadly across the technology ecosystem.

Copilot Hunter: Unveiling Vulnerabilities

On the second day, we spotlighted Copilot Hunter, a tool initially launched at BlackHat 2024. Copilot Hunter is designed to scan for publicly accessible Copilots and use fuzzing and Generative AI to exploit them, extracting sensitive enterprise data. It provides security and red teams with concrete configurations and insights on building secure and reliable AI Agents. With its two distinct modules, Copilot Hunter helps identify open Copilot Studio bots and compile lists of environment and tenant IDs that might expose the organization to risk.

PowerDump: Comprehensive Data Extraction

The third day brought PowerDump, a module that generates access tokens to identify available resources in Microsoft PowerApps and perform advanced actions. PowerDump can dump all available information from a PowerPlatform tenant into a local directory, providing insights into widely shared resources and credentials. This tool is essential for identifying business-critical resources and credentials across the organization and guest users.

Copilot Connector & Chat Automator: Automated Vulnerability Detection

On the fourth day, Zenity Labs introduced Copilot Connector & Chat Automator. These modules enable red teamers to have automated conversations with enterprise AI Agents through WebSocket messages and undocumented APIs. By facilitating automated processes, security teams can identify exposed sensitive data and vulnerabilities, allowing them to focus on the actual business logic behind AI processes.

Copilot M365 Whoami: Intelligence Gathering

The fifth day featured Copilot M365 Whoami, a tool that gathers intelligence about how users utilize Microsoft 365 Copilot. It provides insights into accessible documents, available SharePoint sites, emails, collaborators, and more. This tool helps security admins assess what sensitive or business-critical data is being overshared across the enterprise.

Copilot M365 Dump: Deep Data Extraction

On the sixth day, Zenity Labs unveiled Copilot M365 Dump, which takes the capabilities of Whoami further by dumping the content of all files, emails, SharePoint sites, and more that the user has access to. It also looks for passwords and credentials in emails, calendar invites, or messages, making it a classic red team tool for discovering sensitive content throughout the enterprise.

Internal Phishing: Phishing Simulation

The seventh day introduced Internal Phishing, a module that allows red teams to install a trustworthy Canvas or Power App and share it with the organization to start phishing in one click. This tool educates security teams about organizational maturity regarding business-led development and how to deal with phishing attacks from a hacker’s perspective.

Copilot Interactive Chat: Seamless Communication

On the eighth day, Zenity Labs presented Copilot Interactive Chat, which enables seamless communication with Microsoft 365 Copilot through the PowerPwn terminal. This tool helps uncover access tokens and identify weak spots in an organization’s security and governance posture.

Install a Backdoor: Maintaining Persistence

The ninth day featured a tool for installing a backdoor to maintain persistence within a tenant… even if the user is no longer a part of the organization!! With this persistence, these actors can read data and even execute commands. This module allows security admins and red teams to expose the attack surface from outside the organization and keep Microsoft 365 safe from double agents.

No-Code Malware: Demonstrating Risks

On the tenth day, Zenity Labs introduced No-Code Malware, a tool that shows how citizen developers can inadvertently create AI Agents and automations that bad actors can repurpose to power malware operations. This tool demonstrates how these automations can distribute payloads, bypass perimeter controls, and execute on victim’s machines to exfiltrate data.

Spearphishing: Targeted Attacks

The eleventh day brought Spearphishing, a tool that uses AI Agents to craft highly personalized emails targeting contacts and collaborators. This tool helps red teams assess their organization’s protection against phishing attacks that can quickly spiral if not managed.

PowerPwn: The Ultimate Red Team Tool

Finally, today, we’re wrapping up the series by bringing it back to PowerPwn, a comprehensive tool that summarizes the benefits of each individual free tool introduced over the 12 days. PowerPwn is designed to help security teams leverage these tools to enhance their security posture.

Conclusion: Securing AI Agents and Citizen Development Together

The importance of using open-source red teaming tools cannot be overstated. They provide invaluable insights into potential vulnerabilities and help organizations proactively address security risks. As highlighted in a recent DarkReading article, the open-source community plays a crucial role in securing AI Agents and citizen development. By leveraging these tools, we can collectively enhance our security posture and protect our digital ecosystems. 

We are also always on the lookout for collaborators! For more insights on how to protect your organization after running PowerPWN, check out this comprehensive guide on GitHub and let us know your thoughts. Together, we can secure our AI-driven future and ensure that our digital transformation efforts are both innovative and secure.