Events
eBooks
White Papers
Case Studies
Videos
Webinars
Glossary
About Us
Careers
Zenity Security Assessment Hub
News
Partners
Contact
Trust Center
Copilot Hunter
Copilot Hunter has two modules
- Deep Scan which finds open Copilot Studio bots based on domains or tenant IDS
- Enum which compiles lists of environment and tenant IDs from Power Platform API subdomains
PowerDump
- Generate access tokens to fetch available resources in Microsoft PowerApps
- Perform advanced actions on the discovered resources
- Dump all available information in Power Platform into a local directory
- Basic GUI for presenting the collected resources and data
Copilot Connector & Chat Automator
- Interact with Copilot for Microsoft 365 through WebSocket messages and undocumented APIs to implement any process that requires interaction with Copilot
- Facilitate automated processes with Copilot, handling all interactions (prompts and responses) and ease implementation, so security teams can focus on the actual business logic of the process
Copilot Interactive Chat
- Enable chat with Copilot M365 through the powerpwn terminal
Copilot M365 Dump
- Explore Microsoft Copilot 365 to extract emails and their contents, enumerate and extract Sharepoint site content, and harvest credentials and passwords
Copilot M365 Whoami
- Extract information about the current user of Microsoft 365 Copilot including:
- Personal data like their name, title, email, manager
- What Sharepoint sites, documents, and sensitive data they have access to
- Other details like their weekly schedule, emails, and collaborators and contact information
- And more!
Install a Backdoor
- Maintain persistence on Power Platform by installing an automation factory that creates, executes, and delete arbitrary commands
Internal Phishing
- Set up internal phishing applications on Microsoft-owned domains, which automatically authenticates as users click and go to the link
No-Code Malware
- Repurpose trusted executables, service accounts, and cloud services in the Microsoft Power Platform ecosystem to power a malware operation
Spearphishing
- Explore the latest interactions with compromised accounts or user of its victims
- Craft highly personalized emails to send to targets
