Brahim El Fikhi
From a red team’s perspective, access tokens are an interesting target, as they grant access to confidential information such as Teams chats, emails, and SharePoint documents. Moreover, access tokens can also be used to send emails or Teams messages on behalf of the user, which can be leveraged for lateral movement or social engineering attacks.
In this article, we will explore how to extract access tokens from Office desktop applications, with a particular focus on Microsoft Teams.