Display Name Spoofing 365.ps1
##This script will grab the Display Names of all your Office 365 users
##and put them into a rule that prevents people from spoofing the Display Name.
##It's a very common phishing attack attempt. The first 3 lines of this script, though,
##are how I connect to Office 365 while having Two Factor Authentication enabled.
##You may need to adjust for your needs. I have another script on my GitHub
##that explains more. https://github.com/Scine/Office365
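## Connect to Exchange Online with MFA through the click-once ExoPowershellModule.
## NOTE(review): this click-once module is the legacy connection method; the
## ExchangeOnlineManagement module (Connect-ExchangeOnline) is its replacement.
Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch "_none_"}|select -First 1)
$EXOSession = New-ExoPSSession
Import-PSSession $EXOSession

## One transport rule is maintained per mail domain: rule-name label -> domain.
$domains = @(
    @{ Label = "Domain1"; Domain = "domain1.com" },
    @{ Label = "Domain2"; Domain = "domain2.com" },
    @{ Label = "Domain3"; Domain = "domain3.com" }
)

## Sender/recipient exceptions applied to every rule.
## NOTE(review): "[email protected]" is how the address is rendered on the page
## (redacted); replace both values with the real exception addresses before running.
$exceptFrom   = "[email protected]"
$exceptSentTo = "[email protected]"

## Query the tenant once instead of once per domain.
## -ResultSize Unlimited: Get-Mailbox otherwise stops at its default result cap,
## which would silently leave users past that cap out of the rule.
$mailboxes     = Get-Mailbox -ResultSize Unlimited
$existingRules = Get-TransportRule

foreach ($entry in $domains) {
    $ruleName = "External Senders with matching Display Names ($($entry.Label))"
    $pattern  = "*@$($entry.Domain)"

    ## Display names of every mailbox holding an address in this domain.
    ## Blank names are dropped (an empty pattern protects nothing) and
    ## duplicates are collapsed to keep the rule small.
    $displayNames = @(
        $mailboxes |
            Where-Object { $_.EmailAddresses -like $pattern } |
            ForEach-Object { $_.DisplayName } |
            Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
            Select-Object -Unique
    )

    if ($displayNames.Count -eq 0) {
        ## Do not create or overwrite a rule with an empty pattern list.
        Write-Warning "No display names found for $($entry.Domain); leaving '$ruleName' untouched"
        continue
    }

    ## Settings shared by the create and update paths.
    ## NOTE(review): -HeaderMatchesPatterns treats each name as a pattern, not a
    ## literal, so names containing pattern metacharacters may not match as typed.
    ## NOTE(review): very short or common display names will also quarantine
    ## legitimate external mail; consider rolling out with -Mode Audit first, and
    ## check the rule against Exchange Online's rule size limits in large tenants.
    $ruleSettings = @{
        Priority                   = 0
        FromScope                  = "NotInOrganization"
        HeaderMatchesMessageHeader = "From"
        HeaderMatchesPatterns      = $displayNames
        Quarantine                 = $true
        ExceptIfFrom               = $exceptFrom
        ExceptIfSentTo             = $exceptSentTo
    }

    $rule = $existingRules | Where-Object { $_.Identity -eq $ruleName }

    if (!$rule) {
        Write-Host "Rule not found, creating rule" -ForegroundColor Green
        New-TransportRule -Name $ruleName @ruleSettings
    }
    else {
        Write-Host "Rule found, updating rule" -ForegroundColor Green
        Set-TransportRule -Identity $ruleName @ruleSettings
    }
}

## NOTE(review): the authenticated admin session stays open after the script ends;
## run `Remove-PSSession $EXOSession` when finished if nothing else needs it.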