Releases: LETHAL-FORENSICS/Microsoft-Analyzer-Suite
Microsoft-Analyzer-Suite v1.3.0
[1.3.0] - 2025-01-27
Added
- UAL-Analyzer: UserAgent-Blacklist.csv
- UAL-Analyzer: MailItemsAccessed → AppId-AppDisplayName (Stats)
- UAL-Analyzer: ClientInfoString and Mailbox Synchronization detection of eM Client (Traitorware)
- EntraAuditLogs-Analyzer: UserAgent-Blacklist.csv
- EntraAuditLogs-Analyzer: Activity (Line Chart)
- EntraSignInLogs-Analyzer: UserAgent-Blacklist.csv
- EntraSignInLogs-Analyzer: SignInEventTypes (Stats)
Fixed
- ReadTheDocs links of the Microsoft-Extractor-Suite documentation updated
- Multiple minor fixes and improvements
Fig 1: ClientInfoString (Stats) → 'Client=OWA;Action=ViaProxy' and 'Client=WebServices;eM Client'
Fig 2: Investigating Mailbox Synchronization (MailItemsAccessed by ApplicationId → Count by InternetMessageId)
Microsoft-Analyzer-Suite v1.2.0
[1.2.0] - 2025-01-20
Added
- ADAuditLogsGraph-Analyzer → EntraAuditLogs-Analyzer
- ADSignInLogsGraph-Analyzer → EntraSignInLogs-Analyzer
- EntraSignInLogs-Analyzer: Intune Bypass / Device Compliance Bypass
- MailboxAuditStatus-Analyzer*
- MailboxPermissions-Analyzer*
- Devices-Analyzer*
- Helper-Script: Updater v0.3
- SECURITY.md
Note
The three new scripts require Microsoft-Extractor-Suite v3.0.0, which will be released very soon. Stay tuned! 🚀
Tip
Check out the testing branch of the Microsoft-Extractor-Suite for early testing! 😉
Microsoft-Analyzer-Suite v1.1.0
[1.1.0] - 2024-12-17
Added
- Performance Improvement: Inefficient addition operator for arrays → Generic lists
- ASN-Blacklist updated
- Helper-Script: Get-AssignedRoles.ps1
Microsoft-Analyzer-Suite v1.0.1
[1.0.1] - 2024-11-21
Fixed
- MFA-Analyzer: Input Filename Change (User Registration Details). Reported by @DoubtfulTurnip
Microsoft-Analyzer-Suite v1.0.0
[1.0.0] - 2024-11-20
Added
- UAL-Analyzer: UserLoginFailed.xlsx
- UAL-Analyzer: Device Code Authentication failed (CmsiInterrupt)
- IPinfo.io Subscription Check added to all PowerShell scripts
- All PowerShell scripts are now digitally signed with a valid code signing certificate
Changed
- CHANGELOG.md