Explore a detailed cybersecurity conference talk that delves into critical Outlook vulnerabilities, particularly focusing on CVE-2024-30103 and its implications for remote code execution. Learn how seemingly harmless empty emails can trigger RCE through invisible forms and COM objects, starting with CVE-2024-21378. Discover the evolution of multiple attack vectors in Microsoft Outlook, including vulnerabilities that can lead to NTLM leaks from domain-joined devices. Follow the speakers' journey through the attack surface timeline, understanding how these exploits developed and transformed over time. Gain valuable insights into practical defense strategies and specific recommendations for mitigating these security threats in your organization's email infrastructure.
Outlook Unleashing RCE Chaos: Exploiting CVE-2024-30103
Overview
Syllabus
DEF CON 32 - Outlook Unleashing RCE Chaos CVE 2024 30103 - Michael Gorelik, Arnold Osipov
Taught by
DEFCONConference
Related Courses
-
Outlook Unleashing RCE Chaos: Understanding CVE-2024-30103
-
CVE-2024-43491 Windows Update Remote Code Execution: What You Should Know
-
Microsoft Outlook CVE-2024-21413 Vulnerability - Protecting Your Credentials
-
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
-
Atomic Honeypot - A MySQL Honeypot That Drops Shells
-
QuickShell: Remote Code Execution Attack Chain Analysis in Quick Share
