EX-AUTODISCOVER-LEAKCredential Access

Autodiscover Domain Hijack

Misconfigured Autodiscover sends credentials to autodiscover.<TLD> as fallback — register that domain externally and harvest credentials.

§ Where this technique fits

EX-AUTODISCOVER-LEAK is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Autodiscover external leak → credential harvest
Mis-implemented Autodiscover falls back to autodiscover.<TLD>; register that domain externally, harvest plaintext Basic-auth credentials from clients that haven't been patched / configured properly.
step 3 / 5

§ What commonly comes next

01
Input Capture
T1056 · Collection
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Autodiscover external leak → credential harvest

§ What commonly comes next