
Extract password from exe(1)

Extract password from exe – Part 1 Extracting a password from an exe is one of the techniques that we may use during our red team engagements. There is a great deal of information available in an executable file. This information may include credentials, keys, database information, IP addresses, etc. Although we will use the red…


Detect hidden inbox forward rule in On-Premise Exchange

In many Exchange email account compromise investigations, the attacker tends to add an inbox rule that forwards the victim's email to an email account under the attacker's control. To make the forward rules even harder for the victim(s) to detect, attackers use more advanced techniques to hide them.
There are different research articles discussing hidden inbox forward rules on O365, including those from Compass Security, Matthew Green and GCITS. That's why we will discuss it for On-Premise Exchange, such as Exchange 2013, 2016 & 2019.