Hello r/Office365 – I made an Open Source PowerShell tool designed to assist with your O365 Business Email Compromise investigations.

TL;DR (Give me the GitHub link): You can find the tool here.

It's named KITT (Knight Rider reference) and was built with PowerShell Studio. KITT was designed to make working O365 Business Email Compromise investigations easier and more efficient for DFIR and SOC analysts by pairing the power of PowerShell cmdlets with the ease of use of a GUI.

This was done as part of a research project for my Master's – Full link to the research paper is here, if anyone is interested.

I'm not a dev by trade, and would appreciate feedback from seasoned devs/PowerShell gurus.

Hope you like it.