Exchange and OWA attacks – Step by Step

Word Cookies Exploit

Word Cookies Exploit


Coins Hack



Lately we released an attack where an evil bad guy (or tester) could easily bypass Outlook Web Access Two Factor Authentication to gain access to sensitive emails. We were hoping to see a change in the way OWA handled authentication. Instead, we we got an email from Microsoft stating this is not an issue anyone should worry about. We also saw several posts from exchange experts saying the same thing…

But we think worrying is probably in order.

This vulnerability is built on a year of work at BHIS. From OWA domain enumeration, to user enumeration, to password enumeration to bypass it has been a slow steady build on this attack. Well, now we will do a full, step-by-step walk through of the attack, from beginning to end, to demonstrate the risk. We will also re-enforce and highlight why the OWASP top 10 are still relevant and so key to this attack.

Get the slides here:

https://blackhillsinformationsecurity.shootproof.com/gallery/8014920
Video Rating: / 5



Money participate in an important part in the game, and you may need to keep it in mind. The Word Cookies Cheats can help the people to generate big amounts of Coins in minutes to win the game.