{"id":3920,"date":"2020-01-21T08:20:50","date_gmt":"2020-01-21T06:20:50","guid":{"rendered":"https:\/\/www.msb365.blog\/?p=3920"},"modified":"2023-06-23T13:04:54","modified_gmt":"2023-06-23T11:04:54","slug":"phishing-attack-simulation-in-exchange-online-part-three","status":"publish","type":"post","link":"https:\/\/www.msb365.blog\/?p=3920","title":{"rendered":"Phishing attack simulation in Exchange online &#8211; Part three"},"content":{"rendered":"<h2><strong>Prologue<\/strong><\/h2>\n<p>At this point I am happy to present the third part of my series &#8220;Phishing attack simulation\u201d.<\/p>\n<p>In this article we will focus on <strong>Brute force Password (Dictionary) attacks<\/strong>.<\/p>\n<p>A brute-force dictionary attack is an automated, trial-and-error method that tries multiple password guesses from a dictionary file against a user&#8217;s password.<\/p>\n<p>Identical to Spear Phishing attacks, whether Credentials Harvest or Attachment, the prerequisites are the same.<\/p>\n<p>ATP Plan 2 is required! 
ATP Plan 2 is included in:<\/p>\n<ul>\n<li>Office 365 E5<\/li>\n<li>Office 365 A5<\/li>\n<li>Microsoft 365 E5<\/li>\n<\/ul>\n<p>If your organization doesn&#8217;t run any of those plans, ATP Plan 2 can be purchased separately as an add-on for certain subscriptions.<\/p>\n<p>To learn more, see Feature availability across ATP plans.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Attack tree \u2013 Password attack<\/strong><\/h2>\n<p>To start planning a simulated attack, we first go to the\u00a0<strong>Security &amp; Compliance Center<\/strong>, then browse to\u00a0<strong>Threat management<\/strong>\u00a0&gt;\u00a0<strong>Attack simulator<\/strong>.<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/1.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-4035\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/1.png\" alt=\"\" width=\"297\" height=\"462\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/1.png 297w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/1-193x300.png 193w\" sizes=\"(max-width: 297px) 100vw, 297px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>In this case we select the\u00a0<strong>Brute Force Password (Dictionary Attack)<\/strong>\u00a0option and click\u00a0<strong>Launch Attack<\/strong>.<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-4036\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2.png\" alt=\"\" width=\"2065\" height=\"1091\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2.png 2065w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-300x158.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-1024x541.png 1024w, 
https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-768x406.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-600x317.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-1536x812.png 1536w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-2048x1082.png 2048w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-1600x845.png 1600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-905x478.png 905w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/2-1320x697.png 1320w\" sizes=\"(max-width: 2065px) 100vw, 2065px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Now the configuration wizard is started. First, we have to give our simulation a campaign name. If this is defined, continue with\u00a0<strong>Next<\/strong>.<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/3.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-4037\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/3.png\" alt=\"\" width=\"869\" height=\"482\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/3.png 869w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/3-300x166.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/3-768x426.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/3-600x333.png 600w\" sizes=\"(max-width: 869px) 100vw, 869px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>In the next step the target users are defined. 
A single attack can be executed against the entire organization or only against individual users.<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4039\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1.png\" alt=\"\" width=\"950\" height=\"473\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1.png 950w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1-300x149.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1-768x382.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1-600x299.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/4-1-905x451.png 905w\" sizes=\"(max-width: 950px) 100vw, 950px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Now we need to define the passwords we want to use for our test. This can be done in two ways:<\/p>\n<p>Manually, by adding passwords to test, or from a file.<\/p>\n<p>If you want, I have prepared a TXT file with the 10\u2019000 currently most known and used passwords.<\/p>\n<p>You can download this file below:<\/p>\n<div class=\"\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/MSB365-PW-List-10K.zip\" target=\"_self\" class=\"emd_dl_red_darker\">Download Now<\/a><\/div>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4040\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5.png\" alt=\"\" width=\"917\" height=\"549\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5.png 917w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5-300x180.png 300w, 
https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5-768x460.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5-600x359.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/5-905x542.png 905w\" sizes=\"(max-width: 917px) 100vw, 917px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>The configuration of the simulated attack is now complete. Click Finish to start it.<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4041\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6.png\" alt=\"\" width=\"964\" height=\"474\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6.png 964w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6-300x148.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6-768x378.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6-600x295.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/6-905x445.png 905w\" sizes=\"(max-width: 964px) 100vw, 964px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>The attack simulation<\/strong><\/h2>\n<p>To check on the attack, we go to the Attack Details.<\/p>\n<p>Here we can see the current status of the simulation.<\/p>\n<p><strong>Note<\/strong>: This can take a while.<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4042\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/7.png\" alt=\"\" width=\"702\" height=\"313\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/7.png 702w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/7-300x134.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/7-600x268.png 600w\" sizes=\"(max-width: 702px) 100vw, 702px\" \/><\/a><\/p>\n<p>Unlike in the previous simulations, there are no obvious tasks for the user to perform. This test runs automatically and gives a result at the end.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Reporting<\/strong><\/h2>\n<p>After the simulation has finished, we see the following report:<\/p>\n<p><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4044\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8.png\" alt=\"\" width=\"1171\" height=\"316\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8.png 1171w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8-300x81.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8-1024x276.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8-768x207.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8-600x162.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2020\/01\/8-905x244.png 905w\" sizes=\"(max-width: 1171px) 100vw, 1171px\" \/><\/a><\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p>As we have seen, this attack is different from the classic phishing attacks I wrote about earlier. In this simulation you don&#8217;t have to wait for a user to interact; you can simply use a list of predefined passwords and wait for the result.<\/p>\n<p>Just keep in mind that the longer the password list and user list, the longer the attack will take.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Prologue At this point I am happy to present the third part of my series &#8220;Phishing attack simulation\u201d. In this article we will focus on Brute force Password (Dictionary) attacks. A brute-force dictionary attack is an automated, trial-and-error method that tries multiple password guesses from a dictionary file against a user&#8217;s password. 
Identical to Spear [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3924,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1923,2],"tags":[],"class_list":["post-3920","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-365","category-exchange"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/3920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3920"}],"version-history":[{"count":6,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/3920\/revisions"}],"predecessor-version":[{"id":5179,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/3920\/revisions\/5179"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/media\/3924"}],"wp:attachment":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3920"}],"curies":[{"name
":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}