Credits & Acknowledgements

There has been a great deal of research into leveraging Microsoft APIs for offensive purposes by countless amazing individuals. Many other tools have come before GraphRunner and some GraphRunner features may touch on similar capabilities. GraphRunner is meant to supplement these tools and not be a replacement. All of the tools and research listed below should be incorporated into your workflows alongside GraphRunner and you should follow each of the authors to stay up to date on the latest Azure/M365 attacks.

ROADTools by Dirk-jan

AADInternals by DrAzureAD

TeamFiltration by Flangvik

TokenTactics by rvrsh3ll

AzureHound by SpecterOps

O365-Attack-Toolkit by MDSec

365-Stealer by Altered Security

Snaffler by mikeloss and sh3r4_hax

SnaffPoint by nheiniger