Credential Harvesting As a Service: How this Darkweb Organization Steals Your Microsoft Credentials presented at DataConnectorsVancouver 2020

by Michael Landewe

Summary: In this presentation, we will analyze the attack methods of a single advanced persistent threat organization that guarantees its dark-web customers that their messages will bypass Microsoft security. We will review the software they use to send email from anywhere in the world, their techniques that take advantage of both short- and long-lived vulnerabilities, and the infrastructure they use to harvest credentials and perform attacks almost instantaneously. You will be surprised by the sophistication of the tools as well as their ease of use. The tools are updated regularly with release notes and training videos; their authors are not ‘hackers’ so much as software developers with a very clear product offer: 100% access to your inbox. We will watch them over time and show how the tricks they use provide us with the indicators-of-attack we need to stop them.