Analyzes Office 365 unified audit logs via Microsoft Graph API to detect account compromise indicators: forwarding rules, inbox delegation, suspicious OAuth apps, BEC traces. Useful for cloud security investigations.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
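Business Email Compromise (BEC) attacks usually leave traces in the Office 365 audit logs: suspicious inbox rule creation, mail forwarding to external addresses, mailbox delegation changes, and unauthorized OAuth application grants. This skill uses the Microsoft Graph API to query the unified audit log, enumerate each mailbox's inbox rules, detect forwarding configurations, and identify indicators of account compromise.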
Parses Office 365 audit logs via Microsoft Graph API to detect account compromise like forwarding rules, inbox delegation, OAuth grants, and suspicious events.
Parses Office 365 Unified Audit Logs via Microsoft Graph API to detect account compromise indicators like forwarding rules, inbox delegation, and OAuth grants. For SOC incident investigations and threat hunting.
Detects compromised O365 and Google Workspace email accounts by analyzing inbox rules, suspicious logins, forwarding rules, and abnormal API access patterns. Useful for cybersecurity incident response.
AuditLog.Read.All, MailboxSettings.Read, Mail.Read (application permissions)
msal and requests libraries
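The inbox-rule check described above can be sketched as follows. This is an added example, not the skill's own code. It triages rules shaped like Graph `messageRule` objects and runs offline on constructed data. `INTERNAL_DOMAINS`, the function names and the sample rules are assumptions, and fetching the rules with msal and requests is left out.

```python
"""Flag inbox rules that forward mail outside the tenant (BEC indicator)."""
# Assumption: domains owned by the tenant; replace with your accepted domains.
INTERNAL_DOMAINS = {"contoso.example"}
# messageRuleActions fields that send the message to other recipients.
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
# Actions that hide mail from the mailbox owner, often paired with forwarding.
HIDING_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")

def external_recipients(actions):
    """Return sorted forwarding addresses whose domain is not internal."""
    found = set()
    for field in FORWARD_ACTIONS:
        for recipient in actions.get(field) or []:
            address = (recipient.get("emailAddress") or {}).get("address") or ""
            domain = address.rpartition("@")[2].lower()
            if address and domain not in INTERNAL_DOMAINS:
                found.add(address.lower())
    return sorted(found)

def triage_rules(mailbox, rules):
    """Return one finding per rule that forwards to an external address."""
    findings = []
    for rule in rules:
        actions = rule.get("actions") or {}
        targets = external_recipients(actions)
        if not targets:
            continue
        enabled = bool(rule.get("isEnabled"))
        hides = [name for name in HIDING_ACTIONS if actions.get(name)]
        # Disabled rules stay in the output as low severity leftovers.
        severity = "low" if not enabled else ("high" if hides else "medium")
        findings.append({"mailbox": mailbox, "rule": rule.get("displayName", ""),
                         "enabled": enabled, "external_targets": targets,
                         "hides_mail": hides, "severity": severity})
    return findings

# Constructed sample (not tenant data), shaped like the `value` array of
# GET /users/{id}/mailFolders/inbox/messageRules.
SAMPLE_RULES = [
    {"displayName": ".", "isEnabled": True, "actions": {
        "forwardTo": [{"emailAddress": {"address": "drop@mail.example.net"}}],
        "markAsRead": True, "moveToFolder": "constructed-folder-id"}},
    {"displayName": "Team copy", "isEnabled": True, "actions": {
        "redirectTo": [{"emailAddress": {"address": "ops@contoso.example"}}]}},
    {"displayName": "Old forward", "isEnabled": False, "actions": {
        "forwardTo": [{"emailAddress": {"address": "Me@Personal.example.org"}}]}},
]

if __name__ == "__main__":
    for finding in triage_rules("alice@contoso.example", SAMPLE_RULES):
        print(finding)
```

Domain matching is exact, so subdomains of a tenant domain must be listed in `INTERNAL_DOMAINS` explicitly or they are reported as external.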