
TL;DR: How to attack self-hosted Skype for Business (Lync) servers. If you’re using O365, wait for the next post.

Note: For the sake of brevity throughout this post, Skype for Business and Microsoft Lync will both be referred to under the umbrella designation of ‘Skype4B’.

When companies choose to host Skype for Business (previously Microsoft Lync) on-premises, they can inadvertently introduce a large attack surface. Skype for Business, by design, is meant to encourage communication between individuals, and it is often externally accessible so that employees can stay connected 24×7 without the need for a VPN. This bit of convenience makes Skype4B an attractive target to attackers. In a very real sense, Skype4B provides a bridge from the internet into a company’s internal network, allowing an attacker to interact with the internal Active Directory environment.



By TrustedSec in Penetration Testing, Security Testing & Analysis
