search

Business Email Compromise

LogoBusiness-Email-Compromise-Guide/PwC-Business_Email_Compromise-Guide.pdf at main ¡ PwC-IR/Business-Email-Compromise-GuideGitHubchevron-right
Logophishing email but has same domain - Microsoft Q&AMicrosoftLearnchevron-right

hashtag
MailSniper:

Groups with full rights in Exchange:

  • Organization Management

  • Exchange Organization Administrators

By default, the “Domain Admins” group does not have “full access” rights to mailboxes on Exchange.

BUT, the “Domain Admins” group has the ability to grant this access to any account. You can always resort to adding your own user to the group with a DA

From a workstation on the domain the following command can be run as a domain admin to add a user to the “Exchange Organization Administrators” group:

hashtag
ApplicationImpersonation

Users with the “ApplicationImpersonation” rolearrow-up-right have the ability to access other user's mailboxes.

The “ApplicationImpersonation” role is a Microsoft Exchange server role that, when granted to a user, allows them to impersonate other users when accessing mailboxes. This role can be granted at the Exchange Management Shell with the following command:

LogoIntroducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data - Black Hills Information Security, Inc.Black Hills Information Security, Inc.chevron-right

hashtag
Security portals

LogoPlanning Guidance for Unified Security Operations in the Microsoft Defender Portal - Unified security operationsMicrosoftLearnchevron-right
LogoPhishing investigationMicrosoftLearnchevron-right
LogoGitHub - randomaccess3/Awesome-BEC: Repository of attack and defensive information for Business Email Compromise investigationsGitHubchevron-right
LogoCrowdStrike Services Identifies Microsoft 365 Logging InconsistenciesCrowdStrike.comchevron-right
LogoRecommended policies for specific Microsoft 365 workloadsMicrosoftLearnchevron-right
LogoMicrosoft 365 Admin portal abused to send sextortion emailsBleepingComputerchevron-right

PreviousTokensNextHardening

Last updated