Completed
SMTP Catch-all
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Hacking Corporate Email Systems
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Penetration Methodology
- 3 Agenda
- 4 Locate Email Domain
- 5 Gather Employee Names
- 6 Frontend SMTP Servers
- 7 Frontend SMTP Email Validation
- 8 Backend SMTP - Email Bounce Back
- 9 Locate Webmail System - Autodiscover
- 10 Client Access Server - Autodiscover
- 11 OWA Webmail - Autodiscover
- 12 OWA Webmail - Internal IP
- 13 Key Information for Credential Extraction
- 14 OWA - AD Domain Enumeration
- 15 Format Employee Names to Usernames
- 16 OWA Timing Attack
- 17 OWA Two-Factor Authentication Bypass
- 18 Brute-force Password Guessing
- 19 Mailbox Keyword Search
- 20 Extract Global Address List
- 21 Autodiscover XML SOAP Injection
- 22 Autodiscover Configuration Enumeration Autodiscover.xml reveals
- 23 Malicious Attachment
- 24 Malicious Website
- 25 SMTP Catch-all
- 26 SMB Email Client Attack
- 27 Reuse AD Credentials on Services • Web applications
- 28 Reusing gathered info on Internal Network
- 29 Remediation & Reduce Risk