GraphRunner is a post-exploitation toolset for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and pillaging of data from a …

Oct 19, 2023 · We built a post-compromise toolset called GraphRunner for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and …

GraphRunner is a post-exploitation toolset for working with a Microsoft Entra ID (Azure AD) account. It contains various tools for accessing and manipulating data within the tenant.

Mar 4, 2025 · GraphRunner is a powerful post-exploitation toolset designed for interacting with the Microsoft Graph API, enabling red teams and attackers to perform reconnaissance, …

GraphRunner is a powerful post-exploitation toolkit for Microsoft 365 environments, providing a comprehensive set of tools for authentication, reconnaissance, data extraction, and persistence.

Oct 11, 2023 · GraphRunner is a post-exploitation toolset for working with a Microsoft Entra ID (Azure AD) account. It contains various tools for accessing and manipulating data within the …

Aug 6, 2025 · GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, …

Feb 5, 2025 · "GraphRunner is a post-exploitation toolset for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and pillaging of data …

Jun 24, 2025 · GraphRunner is a post-exploitation toolset developed by Beau Bullock and Steve Borosh from Black Hills Information Security. It is designed for interacting with Microsoft Entra …

As Defenders, how can we gain visibility into these actions? What Is GraphRunner? “Refresh tokens replace themselves with a fresh token upon every use. The Microsoft identity platform …