Tradecraft Security WeeklySubscribe
Email security

Attacking Exchange/OWA to Gain Access to AD Accounts – Tradecraft Security Weekly #3

Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Security Weekly episode Beau Bullock (@dafthack) demonstrates how to utilize MailSniper to enumerate internal domains, enumerate usernames, perform password spraying attacks, and get the global address list from Exchange and Office365 portals. Links: MailSniper - https://github.com/dafthack/MailSniper http://traffic.libsyn.com/tswaudio/TSW_-_Episode_3.mp3

Related

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Bring Your Own Device (BYOD)EavesdroppingEmail SpoofingInternet Message Access Protocol (IMAP)Post Office Protocol, Version 3 (POP3)SpamStore-and-Forward

You can skip this ad in 5 seconds