Hacking Corporate Email Systems

Hacking Corporate Email Systems

via YouTube Direct link

Extract Global Address List

20 of 29

20 of 29

Extract Global Address List

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Hacking Corporate Email Systems

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Penetration Methodology
  3. 3 Agenda
  4. 4 Locate Email Domain
  5. 5 Gather Employee Names
  6. 6 Frontend SMTP Servers
  7. 7 Frontend SMTP Email Validation
  8. 8 Backend SMTP - Email Bounce Back
  9. 9 Locate Webmail System - Autodiscover
  10. 10 Client Access Server - Autodiscover
  11. 11 OWA Webmail - Autodiscover
  12. 12 OWA Webmail - Internal IP
  13. 13 Key Information for Credential Extraction
  14. 14 OWA - AD Domain Enumeration
  15. 15 Format Employee Names to Usernames
  16. 16 OWA Timing Attack
  17. 17 OWA Two-Factor Authentication Bypass
  18. 18 Brute-force Password Guessing
  19. 19 Mailbox Keyword Search
  20. 20 Extract Global Address List
  21. 21 Autodiscover XML SOAP Injection
  22. 22 Autodiscover Configuration Enumeration Autodiscover.xml reveals
  23. 23 Malicious Attachment
  24. 24 Malicious Website
  25. 25 SMTP Catch-all
  26. 26 SMB Email Client Attack
  27. 27 Reuse AD Credentials on Services • Web applications
  28. 28 Reusing gathered info on Internal Network
  29. 29 Remediation & Reduce Risk

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.