ttakvam
commented
1 year ago AFAIK this was possible I believe prior to the 14/15th of September. Testing after this date also gave us the warning message. Guess MS fixed something in their end?
Open itsmv opened 1 year ago
ttakvam
commented
1 year ago AFAIK this was possible I believe prior to the 14/15th of September. Testing after this date also gave us the warning message. Guess MS fixed something in their end?
Mur4Mur
commented
1 year ago 
SV-ZeroOne
commented
1 year ago Please can we get these bypasses implented in this tool?
The author of that bypass has found some other interesting behaviours that could be further levegaged to make this tool even better.
https://badoption.eu/blog/2023/02/12/S4B_Teams.html
Octoberfest7
commented
1 year ago Please can we get these bypasses implented in this tool?
The author of that bypass has found some other interesting behaviours that could be further levegaged to make this tool even better.
https://badoption.eu/blog/2023/02/12/S4B_Teams.html
To address the last three links posted, they were referred to and consulted during the creation of this tool. Some of the tricks were no longer working at time of publication of TeamsPhisher.
In regards to integrating the new splash screen bypass into TeamsPhisher, I will not be doing so because:
It has been confirmed by credible threat intel that APT’s and/or ransomware gangs have or are currently leveraging TeamsPhisher in their campaigns.
I am not being paid or compensated to maintain this project.
If someone would like to go to the trouble of creating a pull request in which they integrate the new bypass I’ll look at merging it in. I’d also do it myself for an internal version if there were interest for it at some place that is paying me to do so.
Mur4Mur
commented
1 year ago I wanted to add bypasses myself, but to be honest I didn’t really understand how this could be done. It seems to me that this cannot be implemented.
Why don't you add sponsorship? I think many would support you. As for the use of your development for malicious purposes, unfortunately, every developer in this topic faces this.
SV-ZeroOne
commented
1 year ago Please can we get these bypasses implented in this tool? The author of that bypass has found some other interesting behaviours that could be further levegaged to make this tool even better. https://badoption.eu/blog/2023/02/12/S4B_Teams.html https://badoption.eu/blog/2023/06/22/teams2.html https://badoption.eu/blog/2023/06/30/teams3.html
To address the last three links posted, they were referred to and consulted during the creation of this tool. Some of the tricks were no longer working at time of publication of TeamsPhisher.
In regards to integrating the new splash screen bypass into TeamsPhisher, I will not be doing so because:
- It has been confirmed by credible threat intel that APT’s and/or ransomware gangs have or are currently leveraging TeamsPhisher in their campaigns.
- I am not being paid or compensated to maintain this project.
If someone would like to go to the trouble of creating a pull request in which they integrate the new bypass I’ll look at merging it in. I’d also do it myself for an internal version if there were interest for it at some place that is paying me to do so.
Thanks for the reply and clarification Octoberfest7, I understand your predicament when it comes to phishing tooling being publicly available and being used for malicious purposes. As Mur4Mur stated its a issue we all face in this topic.
sergioandreslq
commented
5 months ago Thanks for all your hardwork: @Octoberfest7
As a reference, this is the splash screen the receiver see:
however, when there is chat 1:1 external, the splash image is different
Does the TeamsPhisher still bypass the "Someone outside your organization messaged you, are you sure you want to view it" splash screen? When I test the TeamsPhisher, I always get the splash screen as a warning