❌

Reading view

Stealing 2FA Tokens on Red Teams with CredSniper

Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates […]

The post Stealing 2FA Tokens on Red Teams with CredSniper appeared first on Black Hills Information Security, Inc..

  •  
  •  

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure:Β Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

The post Bypassing Two-Factor Authentication on OWA & Office365 Portals appeared first on Black Hills Information Security, Inc..

  •  

Question: Β What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?

Carrie RobertsΒ // Answer:Β Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described hereΒ in this great post by Beau Bullock. […]

The post Question: Β What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal? appeared first on Black Hills Information Security, Inc..

  •  
❌