Azure Outlook Command And Control that uses Microsoft Graph API for C2 communications And data exfiltration.
The intriguing world of ‘Azure Outlook C2,’ a cutting-edge cybersecurity development that leverages the power of the Microsoft Graph API for command and control (C2) communications and data exfiltration.
In this article, we delve into the capabilities and implications of this novel approach, created by cybersecurity experts Bobby Cooke and Paul Ungur.
Discover how attackers can remotely control compromised Windows devices from within an Outlook mailbox, and gain insights into the latest threats, defense strategies, and the evolution of this C2 technique.
Elastic Security Labs has discovered active intrusions in the wild using SIESTAGRAPH. SIESTAGRAPH interacts with Microsoft’s GraphAPI for command and control using Outlook and OneDrive.
Check out their awesome malware analysis blogs on Azure Outlook C2 communications below.
If you have any information about similar projects, CTI info about this TTP being used in the wild by APT/ransomware-groups, defense advice, recommendations for Red Teamers interested in Azure C2 threat emulation, or any other information that would be a good add to this blog/readme, please contact me or submit a Pull Request. Thank you!
For more information click here
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…