Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

In this post we will discuss ‘How the attacker uses the Microsoft office for phishing attack to get the NTLM hashes from Windows.’ Since we all knew that Microsoft Office applications like Word, PowerPoint, Excel and Outlook are the most reliable resource for any organization, and an attacker takes advantage of this reliance to masquerade the user.

Here, we’ve been trying to explain what a different approach an attack uses for a phishing attack to capture Microsoft Windows NTLM hashes.

In actual fact, the attacker tried to use the UNC path injection technique to capture the Windows NTLM hashes and use phishing to achieve his goal. Abusing Microsoft Outlook 365 to Capture NTLM