External/Internal

Author, Beau Bullock, External/Internal, Red Team, Red Team Tools, Webcasts Email, MS, OWA, Vulnerabilities

WEBCAST: Exchange and OWA attacks – Step by Step

Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.

Read the entire post here

External/Internal, How-To, Red Team Outlook

Malicious Outlook Rules in Action

 Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]

Read the entire post here

External/Internal, Red Team Carrie Roberts, Let's Encrypt, PowerShell, PowerShell Empire, Trusted Certificate

Using PowerShell Empire with a Trusted Certificate

Carrie Roberts* // Using a trusted certificate and non-default Empire options will help increase your chances of getting a successful session out of a network. Follow these instructions to get […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team 2FA, Beau Bullock, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team NTFS Permissions, pen-testing, Pentesting

How to Take Advantage of Weak NTFS Permissions

David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, FindPeople, Get-GlobalAddressList, Invoke-PasswordSprayOWA, InvokePasswordSprayEWS, MailSniper, OWA, updates

Attacking Exchange with MailSniper

Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team Beau Bullock, hunting, Pentesting, pillaging, red teaming, sensitive info, yolo

Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data

Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]

Read the entire post here

External/Internal, Red Team Brute Forcing, Listeners, PowerShell, SET

Adding Egress Brute Force to PowerShell Payloads

Guest post* by Robert Schwass // We’ve all been there. You craft the perfect phishing email, register a great domain name, your multi handler is set up ever so perfectly. And […]

Read the entire post here

External/Internal, Red Team Burp, Duct Tape, Mechanical Engineering, password spraying, pen-testing

Downloading an Address Book from an Outlook Web App (OWA) Portal

Carrie Roberts //  Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]

Read the entire post here