Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of getting JWT tokens, but one (1) of the primary ways is through phishing. In this blog, we are going to explore strategies on gaining maximum efficiency with Office tokens, different…
Read
1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold…
Read
See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and…
Read
1 Analysis of OneNote Malware A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun to look at a sample. It turns out there are a lot of similarities between embedding malicious code into a OneNote document and the old macro/VBA techniques for Office…
Read
Introduction 2022 was a tough year. It seemed like no one was safe. Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Okta, Uber—and those were just some of Lapsus$’s breaches. What’s a Script Kiddie to do to be better protected in 2023? Another year in the books, and it was another big year for cybersecurity. While 2022 did…
Read
Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this…
Read
I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…
Read
Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…
Read
TL;DR: User Enumeration is key. Done enumerating? Do more. The classic passwords still work. Once you get some credentials, get more. Office 365 (O365) has become a trend in organizations. More and more, administrators are offloading their mail to The Cloud™. No longer are admins shackled to their Exchange servers, executing patch after patch in…
Read
It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send Phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a Holiday greeting from employees, employers, or costumers, there are plenty…
Read