Most companies, businesses, and organizations rely on Microsoft Outlook for managing email. This talk explores how Outlook can be leveraged for the benefit of red teams and penetration testers using only Windows PowerShell. Going beyond the basics of mere data mining, we will explore manipulating Exchange rules to better enable client-side exploitation opportunities and gain further access. From there we’ll move on to maintaining access, covering everything from basic and dynamic triggering methods to collection automation techniques.
Andrew Cole (@colemination) is a security researcher with an obsessive passion for Windows PowerShell. In a past life he was a Military Intelligence Systems Maintainer, a Cryptologic Network Warfare Specialist, and a Journeyman Interactive Operator for the US Army. He currently works for Chiron Technology Services’ Information Operations Team as a Computer Network Exploitation (CNE) instructor and content developer, and has previously spoken at B-Sides Augusta and NolaCon.