all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

TryHackMe Moniker Link (CVE-2024–21413) Write-Up

Add to bookmarks
March 4, 2024, 1:02 p.m. | Joseph Alan

System Weakness - Medium systemweakness.com

Task 1 Introduction

The CVE-2024–21413 vulnerability circumvents Outlook’s security protocols when processing a particular form of hyperlink referred to as a Moniker Link. Exploiting this flaw, an attacker can send an email containing a harmful Moniker Link to a target, prompting Outlook to transmit the user’s NTLM credentials to the attacker upon clicking the hyperlink.

Task 2 Moniker Link (CVE-2024–21413)

  1. Outlook can render emails as HTML
  2. Outlook can parse hyperlinks such as HTTP and HTTPS
  3. Outlook can open URLs that …

cve cybersecurity tryhackme tryhackme-walkthrough windows

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 3 days, 4 hours ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 3 days, 4 hours ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 3 days, 4 hours ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 4 days, 1 hour ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 4 days, 1 hour ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 4 days, 23 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 4 days, 23 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 4 days, 23 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 4 days, 23 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

PMO Cybersécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Third Party Risk Management - Consultant

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Consultant Cyber Sécurité H/F - Strasbourg

@ Hifield | Strasbourg, France
View on infosec-jobs.com

Information Security Compliance Analyst

@ KPMG Australia | Melbourne, Australia
View on infosec-jobs.com

GDS Consulting - Cyber Security | Data Protection Senior Consultant

@ EY | Taguig, PH, 1634
View on infosec-jobs.com

Senior QA Engineer - Cloud Security

@ Tenable | Israel
View on infosec-jobs.com
View more jobs