Hidden inbox rules in MS Exchange... or how to persistently steal your messages
In recent investigations, Compass has observed that compromising Microsoft Exchange credentials is becoming increasingly popular among attackers. As one of the first steps after obtaining the credentials (most commonly through phishing), attackers created malicious inbox rules to copy all incoming and outgoing emails of their victim. The attackers' goal was to retain access to the emails even after the victim changed the compromised credentials. In this talk we present an undocumented method used to hide such inbox rules. These hidden rules remain functional but are no longer visible in email clients and Exchange admin tools (in on-premises as well as Office365 environments). Finally, we discuss the effectiveness of the steps recommended by Microsoft to recover compromised accounts.

Speaker: Damian Pfammatter finished his Computer Science studies at ETH Zurich with a specialization in IT security in 2014. After a one-year employment as a scientific employee at ETH, he started working at Compass Security Schweiz AG. Since March 2015 he has supported the Compass team in the fields of ethical hacking, penetration testing, digital forensics and incident response.

Agenda:
17:30 - Doors will open
18:00 - Start

Who: As usual, all our meetings are open to everyone and free of charge.

Afterwards: Pizza and some drinks will be offered after the talk.

More: Stay tuned by joining us here on Meetup (https://www.meetup.com/de-DE/OWASPSwitzerland/) and/or by subscribing to our (low-traffic) mailing list (https://lists.owasp.org/mailman/listinfo/owasp-switzerland).

