cloud account compromise (M365 / Workspace)
tenant-level intrusion — OAuth grants, app consent abuse, mailbox rule planting, exchange transport rule tampering.
a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.
wraps the cloud account compromise audit kit preset: drop M365 / Google / AWS / Azure exports → parse each tenant log → unified timeline → report
guided steps
- evidence manifest generator
  hash raw audit exports — most CSPs won't re-issue them
- microsoft 365 unified audit log analyzer
  unified M365 audit log parsing for cross-workload events
- google takeout archive forensic parser
  parse Google Takeout / Workspace activity exports
- aws cloudtrail forensic deep analyzer
  deep-parse CloudTrail JSON for IAM + API abuse patterns
- azure ad sign-in log analyzer
  Azure AD sign-in log analysis for OAuth / consent abuse
- forensic timeline builder
  merge all tenant events into one cross-cloud timeline
  suggested options · order: asc
- case report generator
  draft a report identifying persistence windows + recommended revocations
  suggested options · title: cloud account compromise
when you're done
export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.
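
a sketch of the two integrity records described on this page, the evidence manifest over raw exports and the self-hashed run summary. this is an added example, not the kit's own code: the field names (`steps_done`, `notes`, `manifest`, `self_hash`), the canonical-JSON form and the sample exports are all assumptions made up for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(obj) -> bytes:
    # Sorted keys and fixed separators give exactly one byte form per record,
    # so the same content always produces the same hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def build_manifest(exports: dict) -> list:
    """Hash each raw export (name -> bytes) before any parser touches it."""
    return [{"file": name, "bytes": len(blob), "sha256": sha256_hex(blob)}
            for name, blob in sorted(exports.items())]

def seal_summary(steps_done: list, notes: str, manifest: list) -> dict:
    """Run summary whose self_hash covers every field except itself."""
    body = {"steps_done": steps_done, "notes": notes, "manifest": manifest}
    return {**body, "self_hash": sha256_hex(canonical(body))}

def verify_summary(summary: dict) -> bool:
    """Recompute the hash over the body; False on any edit or missing hash."""
    body = {k: v for k, v in summary.items() if k != "self_hash"}
    return summary.get("self_hash") == sha256_hex(canonical(body))

def changed_exports(summary: dict, exports: dict) -> list:
    """Names of exports that are missing or no longer match the manifest."""
    recorded = {m["file"]: m["sha256"] for m in summary["manifest"]}
    return sorted(name for name, digest in recorded.items()
                  if name not in exports or sha256_hex(exports[name]) != digest)

# Constructed sample exports (not real tenant data).
SAMPLE_EXPORTS = {
    "m365_ual.csv": b"CreationDate,UserIds,Operations\n"
                    b"2024-01-01T00:00:00Z,user@example.com,New-InboxRule\n",
    "cloudtrail.json": b'{"Records":[{"eventTime":"2024-01-01T00:05:00Z",'
                       b'"eventName":"CreateAccessKey"}]}',
}

if __name__ == "__main__":
    summary = seal_summary(["evidence manifest", "timeline"], "constructed run",
                           build_manifest(SAMPLE_EXPORTS))
    print(json.dumps(summary, indent=2))
    print("summary intact:", verify_summary(summary))
    print("changed exports:", changed_exports(summary, SAMPLE_EXPORTS))
```

the self-hash here is unkeyed, so it catches edits made without recomputing it; writing the digest into the case notes or ticket as well gives a reviewer an independent copy to compare against.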