Skip to main content
Red Canary Support

Generating Office 365 UAL Telemetry Threats in Red Canary

Comments

1 comment

  • Ben Bernstein

    Alternatively you can save and run the following as a powershell script (.ps1)

    $headers = @{
        "Content-Type" = "application/x-www-form-urlencoded"
        "User-Agent" = "rccar-377b44f768952347e90084f736b81f68ac2a662c9067384b333d59ffdf4e3d04-rccar"
    }

    $body = "client_id=00000003-0000-0000-c000-000000000000&grant_type=password&scope=.default%20openid%20profile&username=<INSERT_UPN_HERE>&password=FAILED_PASSWORD"

    $response = Invoke-WebRequest -Uri "https://login.microsoftonline.com/<INSERT_TENANT_ID_HERE>/oauth2/v2.0/token" -Method POST -Headers $headers -Body $body
    0

Please sign in to leave a comment.