Downloading an Address Book from an Outlook Web App (OWA) Portal
Summary
This article describes a penetration testing technique for downloading an address book from an Outlook Web App (OWA) portal. It also mentions an update that adds PowerShell support for downloading the address book automatically with the MailSniper tool.
IFF Assessment
FOE
This technique allows attackers to gain access to sensitive contact information, which can be used for further targeting or social engineering.
Defender Context
Defenders should be aware of this technique because it highlights a potential information disclosure vector within OWA portals. Implementing proper access controls, monitoring for unusual data exfiltration patterns, and keeping OWA instances patched and securely configured are crucial steps to mitigate this risk.