Octoberfest7 / TeamsPhisher

Send phishing messages and attachments to Microsoft Teams users

Add Microsoft account (MSA) support #32

Open Strong-IT-IBK opened 6 months ago

Strong-IT-IBK commented 6 months ago

Hi @Octoberfest7 and offsec community! First of all, thank you for sharing this amazing tool with us! I really appreciated it from the first release.

While testing the current version, the awesome splash screen warning bypass technique added by @almart seems to be finally fixed by MS (the warning screen is shown regardless of chat group members). However, I still consider this tool valuable, as with some good social engineering techniques the warning message may be skipped by some users.

I spent some time with the MSAL authentication and finally realized that MSA accounts can also be used to perform the same task as organizational ones. It took some time to add this functionality to TeamsPhisher, but I think this feature could be really useful for some folks, as MS recently limited the creation of free M365 developer tenants (see: https://devblogs.microsoft.com/microsoft365dev/stay-ahead-of-the-game-with-the-latest-updates-to-the-microsoft-365-developer-program). It would be great if you find some time to review and accept those changes. Feedback appreciated :)

Octoberfest7 commented 6 months ago

Hey, thanks for your work!

I was informed about the current bypass no longer working a day or two ago, but appreciate you mentioning it here. I'll have to consider what to do.

I am buried with work right now, but I will get to this at some point along with the other open pull request!