Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Abusing Teams client protocol to bypass Teams security policies - 291

Nestori Syynimaa - o365Blog - Posted 5 Years Ago
  • Microsoft Teams administrators can use policies to control what users can and cannot do.
  • So, what is the bug? All of this is ONLY enforced client-side. So, you can still call the APIs, but the UI will not be nice and pretty for the user. According to the end of the article, this can be used to bypass Messaging Policies, Cloud File Storage Restrictions and Meeting Policies.
  • This issue was literally discovered by altering the response from the user. So, client-side enforcement is still out there and worth testing for!