MICROSOFT 365 By Peter Deegan The quickly changing and poorly documented state of Outlook (new) for Windows continues to expose its missing features and its many complications, despite improvements. Microsoft doesn’t help with its single-minded campaign to push people to the newer Outlook as soon as possible. Don’t be fooled by Microsoft’s drive, and stick […]

I can’t take it anymore. I am making an executive decision. Henceforth and forevermore, in all things AskWoody and in a mighty effort to Tame Our Tech, no parentheses will be harmed in the making of our content. Therefore, we will no longer refer to the forever-upcoming version of Outlook as “Outlook (new)” and instead […]

 Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]

The post Malicious Outlook Rule without an EXE appeared first on Black Hills Information Security, Inc..

 Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]

The post Malicious Outlook Rules in Action appeared first on Black Hills Information Security, Inc..

Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as […]

The post Deploying a WebDAV Server appeared first on Black Hills Information Security, Inc..

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

The post Bypassing Two-Factor Authentication on OWA & Office365 Portals appeared first on Black Hills Information Security, Inc..