all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Outlook NTLM Leak | Tryhackme Writeup/Walkthrough | By Md Amiruddin

Add to bookmarks
March 26, 2023, 10:35 a.m. | Md Amiruddin

InfoSec Write-ups - Medium infosecwriteups.com

Leak password hashes from a user by sending them an email by abusing CVE-2023–23397.

Room Link : https://tryhackme.com/room/outlookntlmleak

Task 1 : Introduction

On Tuesday, March 14th, Microsoft released 83 security fixes on Patch Tuesday, including CVE-2023–23397. This critical vulnerability impacts all versions of the Outlook desktop app on any Windows system. Outlook web app (OWA) and Microsoft 365 aren’t vulnerable since they do not support NTLM authentication.

Unlike most exploits, this one is particularly dangerous because it is a zero-click …

cybersecurity infosec leak ntlm outlook security tryhackme tryhackme-walkthrough walkthrough writeup

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 1 day, 16 hours ago | infosecwriteups.com
architecture basics components continue +14
NTFS Filesystem: Alternate Data Stream (ADS) 1 day, 16 hours ago | infosecwriteups.com
filesystem forensics ntfs security +1
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 1 day, 16 hours ago | infosecwriteups.com
hacker hacking hacking tools linux +1
Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 1 day, 16 hours ago | infosecwriteups.com
artificial intelligence breaking bypass chatgpt +15
XSS Unpacked: What It Is, How It Works, and How to Stop It 1 day, 16 hours ago | infosecwriteups.com
cybersecurity script-injection secure coding web security +1
How I Hack Web Applications (Part 1) 1 day, 16 hours ago | infosecwriteups.com
application security bug bounty ethical hacking infosec +1
Storm Breaker: Unveiling the Power of the Social Engineering Tool 1 day, 16 hours ago | infosecwriteups.com
capabilities continue cybersecurity engineering +12
CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 1 day, 16 hours ago | infosecwriteups.com
bug bounty command command injection critical +13
If You Want To Be A CISO Then Read This First … 1 day, 16 hours ago | infosecwriteups.com
career advice careers ciso cybersecurity +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Officer (ISSO), Junior

@ Dark Wolf Solutions | Remote / Dark Wolf Locations
View on infosec-jobs.com

Cloud Security Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

SAP Security & GRC Consultant

@ NTT DATA | HYDERABAD, TG, IN
View on infosec-jobs.com

Security Engineer 2 - Adversary Simulation Operations

@ Datadog | New York City, USA
View on infosec-jobs.com
View more jobs