Exchange
Resources
- Active Directory Methodology - HackTricks
- GitHub - dafthack/MailSniper: MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
Manual Test Cases
- Exfiltrate data, and test for DLP effectiveness
- Send a phishing email, and check if it goes to Spam folder