4/20/24
Microsoft Teams
§ By default, Microsoft Teams allows for external tenants to collaborate and message users in your tenant § Attackers can use this to send malware directly to your users via a vulnerability in Microsoft Teams § Attackers can send a message directing employees to visit a website designed to capture credentials § Device-code login to breach account without breaching the account password § https://microsoft.com/devicelogin
13
13
Microsoft Teams Device Code Login
§ Attacker can message employee to navigate to Microsoft website and enter code ABC1234 to authenticate § This code can be generated remotely by malicious PowerShell commands § Once a user authenticates, the PowerShell session obtains two tokens from Microsoft, giving the attacker access to the user’s account without compromising their password § Bypasses multi-factor authentication
14
14
7
Made with FlippingBook - Online catalogs