Autodiscovering the Great Leak by Amit Serper The design fl | PT SWARM
Autodiscovering the Great Leak by Amit Serper
The design flaw within the Autodiscover protocol that makes it possible for an attacker who controls top-level Autodiscover domains (or has the ability to conduct a DNS-poisoning attack using these domains), to get valid domain credentials from leaky Autodiscover requests.
Contents: • Executive summary • Introduction • What is Autodiscover? • Abusing the Leak • The ol’ switcheroo • Mitigation • Conclusion
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...