Olga Karelova

Head of Security Analysis of Information Systems, М-13

About speaker

CTF team’s ‘rm -rf’ captain (rm -rf is VolgaCTF’s winner in 2012, 2013). M*CTF competition technical director in 2014–2016. MEPhI Department of Cryptology and Cyber Security assistant.
November 16
13:30 — 14:00
Fast Track
Phishing is an integral part of red teaming. Using documents with macros and DDE has come to be in bad taste. Luckily, a lot of companies use MS Exchange as a corporate mail server. The use EWS makes the users’ life easier and really helps red team specialists. A regular MS Office document allows the researcher to obtain a user’s password, as well as to gain complete control over his MS Exchange mailbox.
This report is about the tool developed by our team, which works with all modern Microsoft OS versions and allows you to implement an NTLM-relay attack on MS Exchange Server via both SMB and HTTP. A convenient logging and flexible configuration systems allows you to produce phishing campaigns qualitatively and quickly.