Cyber security

Azure Outlook C2 – Unveiling Remote Control Of Windows Devices Via Outlook Mailbox

Azure Outlook Command And Control that uses Microsoft Graph API for C2 communications And data exfiltration.

The intriguing world of ‘Azure Outlook C2,’ a cutting-edge cybersecurity development that leverages the power of the Microsoft Graph API for command and control (C2) communications and data exfiltration.

In this article, we delve into the capabilities and implications of this novel approach, created by cybersecurity experts Bobby Cooke and Paul Ungur.

Discover how attackers can remotely control compromised Windows devices from within an Outlook mailbox, and gain insights into the latest threats, defense strategies, and the evolution of this C2 technique.

CTI Threat Update (02/13/22)

Elastic Security Labs has discovered active intrusions in the wild using SIESTAGRAPH. SIESTAGRAPH interacts with Microsoft’s GraphAPI for command and control using Outlook and OneDrive.

Check out their awesome malware analysis blogs on Azure Outlook C2 communications below.

Update (09/27/21)

  • Azure Outlook C2 now has a cross-platform Graphical User Interface (GUI)!

Controlling A Computer Via Outlook Mailbox With The C2 GUI

Controlling A Computer Via Outlook Mailbox

  • The update supports original Outlook Mailbox control.

If you have any information about similar projects, CTI info about this TTP being used in the wild by APT/ransomware-groups, defense advice, recommendations for Red Teamers interested in Azure C2 threat emulation, or any other information that would be a good add to this blog/readme, please contact me or submit a Pull Request. Thank you!

For more information click here

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

9 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

9 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

9 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

9 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

9 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

12 hours ago