Detects high-risk OAuth app consent grants in Azure AD/Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent attacks.
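npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
An illicit consent grant attack tricks users into granting excessive permissions to a malicious OAuth application in Azure AD / Microsoft Entra ID. This skill uses the Microsoft Graph API to enumerate OAuth2 permission grants, analyzes whether application permissions are overly broad in scope, reviews the directory audit logs for consent events, and flags high-risk applications based on publisher verification status and permission scope.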
Microsoft Graph API access with the Application.Read.All, AuditLog.Read.All, and Directory.Read.All permissions
msal, requests
/oauth2PermissionGrants: enumerate all OAuth2 permission grants
Directory audit logs for Consent to application events
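The scope and publisher check described above, as an added example that is not the skill's own code: it scores records in the shape Microsoft Graph returns from /oauth2PermissionGrants and /servicePrincipals. The high-risk scope list, weights, threshold and sample records are assumptions constructed for illustration.

```python
# Assumption: scope list, weights and threshold are illustrative, not from the page.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.ReadWrite.All", "Directory.ReadWrite.All"}

def score_grant(grant, sp_by_id):
    """Score one oauth2PermissionGrant record; returns (score, reasons)."""
    sp = sp_by_id.get(grant["clientId"], {})
    scopes = set((grant.get("scope") or "").split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    score, reasons = 0, []
    if risky:
        score += 2 * len(risky)
        reasons.append("broad scopes: " + ", ".join(risky))
        if "offline_access" in scopes:  # refresh tokens keep access alive
            score += 1
            reasons.append("offline_access with broad scopes")
    # Graph leaves verifiedPublisherId null for unverified publishers
    if not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
        score += 2
        reasons.append("unverified publisher")
    if grant.get("consentType") == "AllPrincipals":  # applies to every user
        score += 1
        reasons.append("tenant-wide consent")
    return score, reasons

def flag_high_risk(grants, service_principals, threshold=4):
    # Join each grant to its client service principal, keep the high scorers
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        score, reasons = score_grant(g, sp_by_id)
        if score >= threshold:
            app = sp_by_id.get(g["clientId"], {}).get("displayName", g["clientId"])
            findings.append({"app": app, "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

# Constructed sample records (IDs and names are made up)
SAMPLE_SPS = [
    {"id": "sp-1", "displayName": "Contoso HR Portal",
     "verifiedPublisher": {"verifiedPublisherId": "1234567"}},
    {"id": "sp-2", "displayName": "Doc Viewer Pro",
     "verifiedPublisher": {"verifiedPublisherId": None}},
]
SAMPLE_GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read openid profile"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-7",
     "scope": "Mail.Read Files.ReadWrite.All offline_access"},
]
print(flag_high_risk(SAMPLE_GRANTS, SAMPLE_SPS))
```

Flagged apps are candidates for review against the Consent to application events in the directory audit log, which record who consented and when.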