Next Meetup

Hidden inbox rules in MS Exchange... or how to persistently steal your messages
In recent investigations, Compass recognized a raise in popularity for attackers to compromise Microsoft Exchange credentials. As one of the first steps after having obtained the credentials (most commonly through phishing), attackers created malicious inbox rules to copy all in- and outgoing emails of their victim. The attacker's goal hereby was to guarantee access to emails even after the compromised credentials were changed by the victim. In this talk we present an undocumented method used to hide such inbox rules. These hidden rules remain functional but are no longer visible in email clients and Exchange admin tools (On-premise as well as Office365 environments). Finally, we discuss the effectiveness of the steps recommended by Microsoft to recover compromised accounts. Speaker: Damian Pfammatter finished his Computer Science studies at ETH Zurich with a specialization in IT security in 2014. After a one-year employment as a scientific employee at ETH, he started working at Compass Security Schweiz AG. Since March 2015 he supports the Compass team in the field of ethical hacking, penetration testing as well as digital forensics and incident response. Agenda: 17:30 - Doors will open 18:00 - Start Who: As usual, all our meetings are open to everyone and free of charge. Afterwards: Pizza and some drinks will be offered after the talk. More: Stay tuned by joining us here on Meetup ( and/or by subscribing to our (low-traffic) mailing list (

Compass Security

Weststrasse 50 · Zürich

Respond by: 11/20/2018

    Past Meetups (7)

    What we're about

    You are a critical thinker, a software developer/architect/engineer/..., a penetration tester, some coloured hat or simply interested in our topics? Then please attend one of our next meetings and bring along your questions, thoughts and own experiences.

    As usual, all of our meetings are open to everyone and free of charge.

    The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.

    Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

    Please see

    Members (339)

    Photos (37)