You read the title right, there is an easy way to gain access to a user’s Office 365 mailbox, attachments, and OneDrive data without stealing a username and password. This kind of attack is starting to appear more and more to replace the traditional phishing of credentials. In this blog post, I will demonstrate how this process works, and what you can do to prevent it in your Office 365 tenant.
Continue readingCategory Archives: Tools
Simulating attacks and APT Groups with MITRE’s CALDERA
Thinking of good cybersecurity measures is a different ballgame than actually testing it. Often people think that having a good firewall, strong passwords, or anti-virus software is providing them with good protection. But only when you really test what happens during an attack, you can make sure you have the correct protection in place. This is where MITRE’s CALDERA makes your life a whole lot easier.
Continue readingVeil Evasion for bypassing antivirus software
Running your awesome payload and getting it shot down by antivirus software is kind of the same as having your Lamborghini’s launch control active and seeing a Police car parking in front of you. It kind of spoils the concept. The Veil-Evasion framework is a great way to get rid of that digital police car and have your payloads evade detection by antivirus software. In this blog post, I give you some examples of how to use Veil and obfuscate the true intentions of your payloads.
Continue readingBadBlood: Active Directory object creator and security generator
We all know the issue. You just installed Active Directory Domain Services but everything is empty. To start testing you need to create all sorts of objects which cost a lot of time. This is where BadBlood comes to rescue.
Continue readingShodan Eye: Search tool for Shodan
The Shodan Eye tool is part of a collection of Ethical Hacking tools written by fellow Dutchie Jolanda de Koff, a.k.a. Bulls Eye. It is a Python script to easily search Shodan and save your results locally for further analysis. Let’s give this one a try.
Continue readingTinEye Reverse image search
“Search by image and find where that image appears online”, that is the slogan of TinEye. It is a great tool for anyone who has an image and want to know where that image appears online for example in a search for stolen photos. It can also notify you when a specific photo in your library suddenly appears somewhere else. Let’s check how we can benefit from this OSINT tool.
Continue reading