I didn’t understand from that article how the C2 server reaches the malware.
How could a remote server access the draft emails on a host’s Outlook client? I can see how the client can manipulate them and stuff data to avoid detection, but I don’t see how the C2 server accesses them.
Maybe I need to know more about the Graph API?