First of all, thank you for this fantastic tool. It has been incredibly useful, especially in enumerating CAPs and eligible role assignments as a low-privileged user, which has significantly helped in many assessments.
However, I noticed a potential issue:
Eligible members/owners of groups (PIM for groups) are not being enumerated.
For example:
-
While I can see that the group has the Global Administrator role assigned:
-
I'm unable to see the eligible members and owners of the group:
-
However, in the portal, it is visible that the group has eligible owners/members:
Therefore, assignments to groups which have privileged roles could be missed.
First of all, thank you for this fantastic tool. It has been incredibly useful, especially in enumerating CAPs and eligible role assignments as a low-privileged user, which has significantly helped in many assessments.
However, I noticed a potential issue:
Eligible members/owners of groups (PIM for groups) are not being enumerated.
For example:
While I can see that the group has the Global Administrator role assigned:
I'm unable to see the eligible members and owners of the group:
However, in the portal, it is visible that the group has eligible owners/members:
Therefore, assignments to groups which have privileged roles could be missed.