Outlook Attachments
Attackers can compose an email in Outlook (or O365), attach a file, and then use the attachment's download link to download the file directly. Restricted file types first need their file extension modified (e.g. mimikatz.exe becomes mimikatz.exe.txt); after download, the extension is changed back to the original.
1. Compose an email
2. Attach a file (add .txt to the end if it's a restricted file type)
3. Click on the file to download it and grab the link (attachment.outlook.live.net or attachment.office.net)

Link is valid for ~15 minutes.
#outlook #attachments #redteam #phishing
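A detection-side view of the steps above, as an added example that is not part of the original post: it scans web proxy records for downloads from the two attachment hosts where the filename hides a restricted extension behind a trailing cover extension such as .txt. The log layout, the extension lists and the sample records (including the subdomain) are constructed assumptions.

```python
import csv
import io
from pathlib import PurePosixPath

# Hosts named in the post as serving attachment download links.
ATTACHMENT_HOSTS = ("attachment.outlook.live.net", "attachment.office.net")
# Assumption: a sample of extensions the mail policy treats as restricted.
RESTRICTED_EXTS = {".exe", ".dll", ".ps1", ".js", ".vbs", ".hta", ".bat", ".scr"}
# Assumption: harmless-looking extensions appended to pass the filter.
COVER_EXTS = {".txt", ".log", ".dat"}

# Constructed proxy records: timestamp, client, host, downloaded filename.
SAMPLE_LOG = """\
ts,client,host,filename
2024-01-10T09:00:01Z,10.0.0.5,attachment.office.net,report.docx
2024-01-10T09:02:13Z,10.0.0.7,attachment.outlook.live.net,mimikatz.exe.txt
2024-01-10T09:03:40Z,10.0.0.7,cdn.example.com,setup.exe.txt
2024-01-10T09:05:02Z,10.0.0.9,eu.attachment.office.net,Loader.PS1.TXT
2024-01-10T09:06:30Z,10.0.0.9,attachment.office.net,notes.v2.txt
"""

def is_attachment_host(host):
    """Match the attachment hosts themselves and any subdomain of them."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ATTACHMENT_HOSTS)

def masked_extension(filename):
    """Return the hidden restricted extension, or None if the name is clean."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if (len(suffixes) >= 2 and suffixes[-1] in COVER_EXTS
            and suffixes[-2] in RESTRICTED_EXTS):
        return suffixes[-2]
    return None

def find_masked_downloads(log_text):
    """Return (ts, client, filename, hidden_ext) for each suspicious download."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        hidden = masked_extension(row["filename"])
        if hidden and is_attachment_host(row["host"]):
            hits.append((row["ts"], row["client"], row["filename"], hidden))
    return hits

if __name__ == "__main__":
    for hit in find_masked_downloads(SAMPLE_LOG):
        print(hit)
```

Pairing each hit with a later rename of the same file on the endpoint (the cover extension being dropped) narrows the results to the behaviour the post describes.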
KnockOutlook
KnockOutlook is a C# project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements.
https://github.com/eksperience/KnockOutlook
#exchange #outlook #com #recon
GitHub - boku7/azureOutlookC2: Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook…
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP...