Gaining access to Office 365 user data without credentials

You read the title right: there is an easy way to gain access to a user’s Office 365 mailbox, attachments, and OneDrive data without stealing a username and password. This kind of attack is appearing more and more often, replacing the traditional phishing of credentials. In this blog post, I will demonstrate how this process works, and what you can do to prevent it in your Office 365 tenant.

Simulating attacks and APT Groups with MITRE’s CALDERA

Thinking of good cybersecurity measures is a different ballgame than actually testing them. Often people think that having a good firewall, strong passwords, or anti-virus software provides them with good protection. But only when you really test what happens during an attack can you make sure you have the correct protection in place. This is where MITRE’s CALDERA makes your life a whole lot easier.

Veil Evasion for bypassing antivirus software

Running your awesome payload and getting it shot down by antivirus software is kind of the same as having your Lamborghini’s launch control active and seeing a police car parking in front of you. It kind of spoils the concept. The Veil-Evasion framework is a great way to get rid of that digital police car and have your payloads evade detection by antivirus software. In this blog post, I give you some examples of how to use Veil and obfuscate the true intentions of your payloads.

TinEye Reverse image search

“Search by image and find where that image appears online” is the slogan of TinEye. It is a great tool for anyone who has an image and wants to know where that image appears online, for example in a search for stolen photos. It can also notify you when a specific photo in your library suddenly appears somewhere else. Let’s check how we can benefit from this OSINT tool.
