Malicious Outlook Rule without an EXE

Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]

Read the entire post here

External/Internal, How-To, Red Team Outlook

Malicious Outlook Rules in Action

Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]

Read the entire post here

Red Team, Red Team Tools Digital Ocean, Outlook, OWA, webDAV

Deploying a WebDAV Server

Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team 2FA, Beau Bullock, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here