Owning MS Outlook with powershell

BSidesDE 2016

Presented by: Andrew Cole
Date: Saturday October 08, 2016
Time: 13:00 - 13:50
Location: DAC 301-302
Track: Track 2

Most companies, businesses, and organizations rely on Microsoft Outlook for managing email. This talk explores how Outlook can be leveraged for the benefit of red teams and penetration testers using only Windows PowerShell. Going beyond the basics of mere data mining, we will explore manipulating exchange rules to better enable client-side exploitation opportunities and gain further access. From there we’ll move on to maintaining access, covering everything from basic and dynamic triggering methods to collection automation techniques.

Andrew Cole

Andrew Cole (@colemination) is a security researcher with an obsessive passion for Windows PowerShell. In a past life he was a Military Intelligence Systems Maintainer, a Cryptologic Network Warfare Specialist, and Journeyman Interactive Operator for the US Army. He currently works for Chiron Technology Services’ Information Operations Team as a Computer Network Exploitation (CNE) instructor and content developer, and has previously spoken at B-Sides Augusta and NolaCon.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats