Showing Posts About Office 365

Staying Sneaky in the Office (365)

SharePoint APIs provide default functionality that can be used to download files from outside trusted devices and IP addresses. This bypasses assumptions about where sensitive documents can be accessed from and gives an attacker an avenue to exfiltrate information.

"Tasking" Office 365 for Cobalt Strike C2

A novel Command and Control (C2) technique for Cobalt Strike was demonstrated using Office 365's Exchange Web Services. The technique leverages Outlook tasks as a communication channel to transmit malicious traffic through a legitimate service. The proof-of-concept shows how attackers can use the External C2 interface to create covert communication paths through enterprise collaboration tools.