Outlook – Oddvar Moe's Blog

Office 365 Safe links bypass

Posted on 3 Jan 2018 by Oddvar Moe [MVP]

Time for a break from the AppLocker case study to blog about this issue, since I found it very interesting. This issue was actually discovered by me and a customer of mine by coincidence. The issue has been run through Microsoft Security Response Center (MSRC) and they concluded that this can be fixed with a … Continue reading Office 365 Safe links bypass →

Defense-In-Depth write-up

Posted on 13 Sep 20177 Nov 2017 by Oddvar Moe [MVP]

TL;DR .BGI files can be sent on mail as attachment and can execute code when opened.Requires that BGinfo.exe has been run on the remote machine once. It will also bypass Outlook attachment protection (Fixed with Defense-in-depth patch from September 2017). PowerShell functions to generate BGI and VBSWebMeter here: https://github.com/api0cradle/BGInfo I was acknowledged on … Continue reading Defense-In-Depth write-up →