RedKite
1.0.3
Redkite is designed to check Exchange Online for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags possible suspicious activity, where further investigation may be required.
Checks include:
- Delete or mark messages as read
- Move messages to folders silently
- Forward emails externally
- Recent Mailbox Changes
Minimum PowerShell version
5.1
Copyright
(c) 2025 James Erskine. All rights reserved.
Package Details
Author(s)
- James Erskine
Tags
phishing exchange o365 compromised breach security inbox_rules audit forensics investigation forwarding
Functions
Write-Log Test-RequiredModules Start-Redkite Get-M365PhishIndicators
Dependencies
- ExchangeOnlineManagement (>= 3.0.0)
- Microsoft.Graph.Users (>= 2.0.0)
Release Notes
1.0.3
- Changed CSV output to exclude mailboxes with no alerts. If no alerts are found across the tenant, this will be displayed.
- Alias mailboxes will now show as aliases in the log instead of "mailbox does not exist".
1.0.2
- Added automatic installation option for required modules.
- Improved handling of module dependencies and session imports.
- Updated module to import only specific Microsoft.Graph.Users component.
FileList
- RedKite.nuspec
- readme.md
- RedKite.psd1
- RedKite.psd1.bak
- RedKite.psm1
- RedKite.psm1.bak
- redkite2025.cer
- Redkite 1.0.0.1\License.txt
- Redkite 1.0.0.1\readme.md
- Redkite 1.0.0.1\RedKite.psd1
- Redkite 1.0.0.1\RedKite.psd1.bak
- Redkite 1.0.0.1\RedKite.psm1
- Redkite 1.0.0.1\redkite2025.cer
- License.txt