Microsoft Office 365 Enumeration

Site Enumeration:

Figure 1: MX Record
Figure 2: Invalid O365 Site Record
Figure 3: Valid O365 Site Record

User List:

Figure 4: Burp Suite Extension
Figure 5: Burp Suite Proxy Intercept

Account Validation:

Figure 6: Invalid User Account
Figure 7: Valid User Account
Figure 8: Invalid User Account (first initial last name)[IfExist:1]
Figure 9: Valid User Account (first.last)[IfExist:0]
Figure 10: Automated User List

Account Enumeration:

Figure 11: Burp Suite Intruder (Payloads)
Figure 12: Burp Suite Intruder (Options)
Figure 13: False-Positive — TrottleStatus
Figure 14: msspray.py Enumeration

Next Steps:

References:

Disclaimer:

--

--

--

Cyber Security Enthusiast

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to safely access the dark and deep web!!☠️

Part 4 — Delivering an Application Security Training Course

How to Make Sure You Are Protecting Online Payments

DxLock Update and Claim Update

Scarier Than You Think

let’s encrypt ssl

Flash Stock Firmware on Samsung Galaxy Note 7 SM-N930FD

Flash Stock Rom on Samsung Galaxy

Cardano Launches the Ethereum Virtual Machine (EVM) sidechain Alpha On Testnet

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mike Bond

Mike Bond

Cyber Security Enthusiast

More from Medium

My eJPT journey

How Clubhouse user scraping and social graphs

Let’s learn WebApp Pentest from basic on DVWA. From setup to hack. Part 2. Bruteforce(low to high).

Disclose the Agent:A DFIR Challenge.