❌

Normal view

Received β€” 11 January 2026 ⏭ Black Hills Information Security, Inc.

Malicious Outlook Rule without an EXE

By: BHIS
20 December 2016 at 17:16

Β Carrie RobertsΒ // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]

The post Malicious Outlook Rule without an EXE appeared first on Black Hills Information Security, Inc..

Malicious Outlook Rules in Action

By: BHIS
29 November 2016 at 16:01

Β Carrie RobertsΒ // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great postΒ including enough information to make […]

The post Malicious Outlook Rules in Action appeared first on Black Hills Information Security, Inc..

Deploying a WebDAV Server

By: BHIS
9 November 2016 at 21:41

Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as […]

The post Deploying a WebDAV Server appeared first on Black Hills Information Security, Inc..

Bypassing Two-Factor Authentication on OWA & Office365 Portals

By: BHIS
2 November 2016 at 16:00

Beau Bullock // Full Disclosure:Β Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

The post Bypassing Two-Factor Authentication on OWA & Office365 Portals appeared first on Black Hills Information Security, Inc..

❌