Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
This is a high value target, as a large number of people use Office 365. Being able to compromise this at any company would be the dream for a nation-state actor.
Exchange Server exposes a number of web APIs as well as a PowerShell remoting interface for users and administrators. This looks like a good target for trying to find some sort of command injection.
There is an API that takes in a list of strings which are then executed in the CLI as a PowerShell command. If an attacker can control this data, then it is essentially game over.
It appears that reversing this was super easy; the code that the author has looks really nice! I assume this is because C# code can be easily decompiled into its original form.
Microsoft failed to patch this bug twice. This was because they attempted to use a denylist built from the attacker's first payload. The author was able to bypass the restrictions twice and got additional payouts from Microsoft. Denylists are extremely difficult to get right.
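As an added illustration of that last point (not code from the article, from its author, or from Microsoft), here is a small Python model of the two validation strategies a service can apply to a list of argument strings before building a command from them: a denylist that blocks the separators seen in one payload, and an allowlist that states exactly what a legitimate argument may look like. The cmdlet names, the argument pattern and the input strings are constructed assumptions for the example; they do not describe Exchange's real API.

```python
import re
from typing import Dict, Iterable, List

# Constructed scenario: a service receives argument strings from a caller and
# must make sure none of them can change the meaning of the command it builds.
# Everything below (verbs, pattern, sample inputs) is assumed for illustration.

# Denylist approach: block the separators that appeared in one known payload.
_DENIED_CHARS = {";", "|", "&"}

# Allowlist approach: name the verbs that may be run and describe the only
# shape an argument is allowed to have (a short identifier-like token).
_ALLOWED_VERBS = {"Get-Mailbox", "Get-User"}          # assumed
_ALLOWED_ARG = re.compile(r"[A-Za-z0-9_.@-]{1,64}")   # assumed pattern


def denylist_ok(arg: str) -> bool:
    """Fragile check: accepts anything that lacks a known-bad character.

    Any character or sequence not on the list is silently accepted, which is
    why each new bypass forces another entry to be added.
    """
    return not any(ch in arg for ch in _DENIED_CHARS)


def allowlist_ok(arg: str) -> bool:
    """Robust check: accepts only strings matching the full allowed pattern.

    fullmatch() requires the whole string to match, so stray whitespace,
    newlines or punctuation anywhere in the argument are rejected.
    """
    return _ALLOWED_ARG.fullmatch(arg) is not None


def compare_checks(args: Iterable[str]) -> Dict[str, Dict[str, bool]]:
    """Return, per argument, the verdict of both checks side by side."""
    return {a: {"denylist": denylist_ok(a), "allowlist": allowlist_ok(a)}
            for a in args}


def build_command(verb: str, args: Iterable[str]) -> List[str]:
    """Build an argv list (never a single shell string) from validated input.

    The verb must come from the fixed set and every argument must pass the
    allowlist; the first failure raises ValueError so nothing is executed.
    """
    if verb not in _ALLOWED_VERBS:
        raise ValueError(f"rejected verb: {verb!r}")
    argv = [verb]
    for a in args:
        if not allowlist_ok(a):
            raise ValueError(f"rejected argument: {a!r}")
        argv.append(a)
    return argv


if __name__ == "__main__":
    # Constructed inputs: a plain identifier, one with a listed separator,
    # and one carrying a character the denylist never anticipated.
    samples = ["alice", "alice; x", "alice\nx"]
    for arg, verdict in compare_checks(samples).items():
        print(f"{arg!r:14} denylist={verdict['denylist']} "
              f"allowlist={verdict['allowlist']}")
    print(build_command("Get-Mailbox", ["alice", "bob.smith"]))
```

The design point is that the allowlist is a positive specification of valid input, so it does not need updating each time a new way to smuggle a separator is found, and passing the result as an argument vector rather than concatenating it into a command line keeps the validated tokens from ever being re-parsed.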