Nothing here yet.
Nothing here yet.
Aug 2, 2023 · 5 min read · This time we look mostly at the accounts used for phishing. tl;dr When phishing via Teams, an attacker controls the source AAD. Therefore, he can set every username he wants. This opens some possibilities. E-Mail as username Suffix the Username to ...
Join discussion
Aug 2, 2023 · 6 min read · Some features of MS Teams are only validated in the frontend and not in the backend, allowing us to tamper with some messages and functions, by directly interacting with the endpoints. Everything combined might increase the plausibility of social eng...
Join discussion
Aug 1, 2023 · 14 min read · Within this article, I would like to talk/write about phishing to bring up new ideas and perspectives to the good old phishing. Please note this article will not be that technical, so don´t expect a new tool or technique. But I want to answer the 25-...
Join discussion
Jul 19, 2023 · 7 min read · The upcoming .zip TLDs from Google brought some discussion about attack vectors. Most of those attack vectors are not completely new, like using an "@" to split between username and host. While playing a little bit around, an unexpected attack chain ...
Join discussion
Jul 14, 2023 · 14 min read · The aim of this article is to provide an insight in the most hidden secrets of the hacker world and the inner workings of their most holy tools, or maybe it is just an article how to read and parse LSASS memory dumps. TL; DR A PowerShell based tool t...
Join discussion