Outlook Web Application (OWA) and Office 365 (O365) Hacking

External Penetration Test Case Study

LIFARS regularly conducts penetration tests to ensure that our clients' security measures remain strong and hold up in real-world scenarios. Our cyber resiliency experts deliver calculated attacks against systems the same way black hat hackers do.
In December, our client requested that the LIFARS Pen Testing Team perform an external black box penetration test as part of a due diligence exercise. The client, a medium-sized organization with over 1000 employees and 200 IPv4 addresses, understands the risks they face on a daily basis and the importance of meeting compliance standards. Therefore, this client requested an external black box penetration test on their network.
The intent of this assessment was to identify weaknesses in the company's internet-facing infrastructure and to detail how these vulnerabilities could impact the organization.
Therefore, the team used Outlook Web Application (OWA) and Office 365 (O365) as the main targets for user enumeration and password spraying. The main emphasis was on weak integration of security measures between OWA and O365. The black box testing was performed as an unauthenticated user of OWA and O365, and the assessment was conducted in a manner that simulated a malicious actor engaged in a targeted attack against the company's external internet-facing network. This security testing effort was conducted with emphasis on the actual state of the systems examined, and no documentation to the client was provided.

Download External Pen Test Case Study.