Copilot Interactive ChatLearn More
If you’d like to learn more about any of these modules, or want some help in running the scans yourself, get in touch with us and we’ll be happy to walk you through it, analyze the results, and more!
The Zenity Security Assessment Hub, built by Zenity Labs, helps security teams take a Red-Team approach to visualize threats across Microsoft 365, with a focus on 365 Copilot, Copilot Studio, and Power Platform.
Copilot Hunter
Copilot Hunter has two modules
- Deep Scan which finds open Copilot Studio bots based on domains or tenant IDS
- Enum which compiles lists of environment and tenant IDs from Power Platform API subdomains
PowerDump
- Generate access tokens to fetch available resources in Microsoft PowerApps
- Perform advanced actions on the discovered resources
- Dump all available information in Power Platform into a local directory
- Basic GUI for presenting the collected resources and data
Copilot Connector & Chat Automator
- Interact with Copilot for Microsoft 365 through WebSocket messages and undocumented APIs to implement any process that requires interaction with Copilot
- Facilitate automated processes with Copilot, handling all interactions (prompts and responses) and ease implementation, so security teams can focus on the actual business logic of the process
Copilot M365 Dump
- Explore Microsoft Copilot 365 to extract emails and their contents, enumerate and extract Sharepoint site content, and harvest credentials and passwords
Copilot M365 Whoami
- Extract information about the current user of Microsoft 365 Copilot including:
- Personal data like their name, title, email, manager
- What Sharepoint sites, documents, and sensitive data they have access to
- Other details like their weekly schedule, emails, and collaborators and contact information
Install a Backdoor
- Maintain persistence on Power Platform by installing an automation factory that creates, executes, and delete arbitrary commands
Internal Phishing
- Set up internal phishing applications on Microsoft-owned domains, which automatically authenticates as users click and go to the link
No-Code Malware
- Repurpose trusted executables, service accounts, and cloud services in the Microsoft Power Platform ecosystem to power a malware operation
Spearphishing
- Explore the latest interactions with compromised accounts or user of its victims
- Craft highly personalized emails to send to targets
Power Pages
- Conducts a scan to test and alert of any anonymous access to Dataverse tables via power pages
- Can be performed either via the apis or OData feeds
