In this article we’ll discuss how to get clear text credentials from Outlook 2016 using Responder on Mac OS High Sierra. From password spraying SSO endpoints, to abusing Azure programs and Office applications — Office 365 and Microsoft Communication products are often the target of credential theft.

As shown below by @_dirk-jan ; there are new attack vectors that can leverage both old and new insecurities within the Microsoft, Azure and Office 365 environments and products.

As Mac OS, iOS and Microsoft platforms collide in the cloud space, I think we’ll see more, cross platform abuse, and sophisticated exploits that can target multiple Operating Systems — Payloads that can target internal, hybrid and office solutions. New techniques tools and procedures, will be necessary given the necessity of most infrastructure’s relying on cloud and hybrid environments spread across a fragmented, non homogeneous client landscape that includes more Mac OS, and Android.