GraphSpy - Device Code Token Theft Made Easy

In this video, I walk you through GraphSpy, a powerful reconnaissance and attack tool for Microsoft 365 (M365) Entra (formerly Azure AD). Designed for security researchers and penetration testers, GraphSpy automates token abuse, privilege escalation, and identity reconnaissance within cloud environments. Whether you're testing for misconfigurations or simulating real-world attacks, this tool provides deep insights into OAuth abuse, over-permissioned applications, and tenant-wide security weaknesses.

We cover:

✅ Installation & Setup – How to get GraphSpy running
✅ Usage & Features – A deep dive into reconnaissance and attack capabilities
✅ Practical Demonstration – How to leverage GraphSpy for security testing

This tool is a must-know for security researchers and penetration testers working with Entra AD and M365 environments.

Chapters:
0:00 - Welcome to SYNACK Time
2:00 - Installing Python and GraphSpy
5:00 - Using GraphSpy to steal tokens
19:10 - Outtro

Resources:
GraphSpy Blog - https://insights.spotit.be/2024/04/05/graphspy-the-swiss-army-knife-for-attacking-m365-entra/
GraphSpy Github - https://github.com/RedByte1337/GraphSpy

Disabling Device Code Authentication - https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows

Right of Boom talks about Device Code Logins
https://www.youtube.com/watch?v=QGdonY59DWc

SYNACK Time - https://synacktime.com
SYNACK Time github - https://github.com/SynAckTime/

#GraphSpy #Microsoft365 #EntraID #Cybersecurity #PenTesting #RedTeam #BlueTeam #OffensiveSecurity #EthicalHacking #CloudSecurity #AzureAD #OAuth #SecurityResearch #BugBounty #BlueTeamTools #RedTeamTools #CloudPenTesting #IAMSecurity #CyberThreats #HackerTools