Join Matt Toussain as he talks about MailSniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username for all the individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with no statute of limitations. In this webcast, we explore an exploitation workflow that uses new features of the MailSniper toolkit for testing G Suite.
In addition to leveraging G Suite as an information disclosure engine, we explore the signaling involved with the Google Accounts authentication API. This allows us to observe and bypass protections Google attempts to implement, such as CAPTCHAs and even 2FA. We close out with a demonstration of mass account enumeration and password guessing attacks!
Slides available here: https://blackhillsinformationsecurity.shootproof.com/gallery/6859127/