Good reference:
{% embed url="https://www.crummie5.club/the-lone-sharepoint/" %}
{% embed url="https://medium.com/@ujmalhotra95/tales-of-sharepoint-api-misconfigurations-11073ad384fd" %}
# 1. Fuzz exposed endpoints
# 2. Analyze misconfigs to gain auth access
# 3. Check the list of latest RCEs