Many organizations are turning to Microsoft to help with their internal communication needs, and some are exposing themselves to external attacks by federating their Skype for Business (formerly Lync) deployments. Federation allows organizations to talk to other external Skype users, but do they really need to? In this talk, we'll go over how you can use the Lync SDK (and a federated account) to automate attacks against federated Skype for Business deployments. We will start with user enumeration and social engineering recon, move on to some password brute-force attacks, and wrap things up by automating Skype phishing attacks.
Karl is a Managing Consultant with NetSPI. He has spent a bunch of time this year digging into the Skype for Business SDK using PowerShell.