TS Episode03

From Security Weekly Wiki
Jump to navigationJump to search

Tradecraft Security Weekly - Episode 03

Host

  • Beau Bullock, @dafthack, Penetration Tester at Black Hills Information Security
  • Episode Audio

    [] Coming Soon

    Recorded May 24, 2017


    Attacking Exchange/OWA to Gain Access to AD Accounts

    Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Security Weekly episode Beau Bullock (@dafthack) demonstrates how to utilize MailSniper to enumerate internal domains, enumerate usernames, perform password spraying attacks, and get the global address list from Exchange and Office365 portals.

    Links:

    Category Science & Technology License Creative Commons Attribution license (reuse allowed)