In this episode of Tradecraft Security Weekly, Mike Felch talks with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability to bypass many common security controls, so be sure to add it to your red team toolboxes. Mike Felch (@ustayready) Beau Bullock (@dafthack) LINKS: SensePost Blog - https://www.dropbox.com/s/hmna48mc6qodlrw/TSW%20Episode%2021.mp4?dl=0
[audio src="http://traffic.libsyn.com/tswaudio/Leaking_Windows_Creds_Externally_Via_MS_Office_-_Tradecraft_Security_Weekly_21_converted.mp3"]