Header smuggling → gateway sees vendor, mailbox sees attacker

§ Context

Assumed environment: target uses a mainstream secure email gateway. Internal Outlook clients render From per RFC 5322; the gateway parses RFC 5321 envelope — two different views.

§ Steps

1. 01
   Deliver to target usersInitial Access

   T1566— Phishing
2. 02
   Victim trusts apparent senderExecution

   T1204— User Execution
3. 03
   Identify gateway / mail client versionsReconnaissance

   W-RECON-FINGERPRINT— Tech Stack Fingerprinting
4. 04
   Test against catch-all + DefenderDefense Evasion

   W-WAF-BYPASS— WAF Bypass
5. 05
   Cred capture / payload execInitial Access

   PH-AITM-EVILGINX— AITM Phishing — Evilginx / Modlishka
6. 06
   Craft double-From / encoded-header payloadInitial Access

   EM-HEADER-SMUGGLE— Email Header Smuggling

§ References

• T1566Phishing
• T1204User Execution

§ Frequently asked

What is the "Header smuggling → gateway sees vendor, mailbox sees attacker" attack path?

Crafted RFC-edge headers cause SPF/DMARC to validate against one From while Outlook renders the other — slips past Microsoft Defender / Proofpoint and lands as a 'verified' message. It chains 6 steps drawn from real-world offensive-security techniques.

What starting position does this attack require?

The first step is Deliver to target users (T1566) — a initial access primitive. Assumed environment: target uses a mainstream secure email gateway.

What is the final impact of this kill-chain?

The final step lands on Craft double-From / encoded-header payload (EM-HEADER-SMUGGLE), which falls under Initial Access. From here, an operator typically pivots into post-exploitation or maintains persistence.

How can defenders detect or prevent this attack?

Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

§ Related dossiers

• Shared techniques3

  Compromised vendor mailbox → reply-chain phishing → client compromise

  Take over a vendor / partner mailbox via AITM phishing. Reply to an existing thread with a malicious link — trust transferred from the genuine prior conversation defeats most user training.

• Shared techniques3

  Browser-in-the-Browser → credential theft on a trusted page

  Render a fake SSO popup inside the attacker page that looks like a real OS browser window. Victim types their credentials into the attacker's DOM.

• Shared techniques2

  Malicious MCP server → silent supply chain for agent tools

  User installs an MCP server marketed as a useful integration. Every subsequent agent session has the rogue server in scope — its tools log prompts, exfil files, or inject responses to bias the agent.

• Shared techniques2

  FIDO2 caBLE hybrid → phone authenticator hijack

  Attacker phishing site shows the legitimate FIDO2 QR. Victim scans with their phone authenticator. The link completes the WebAuthn ceremony in the attacker's browser — they're now signed in as the victim.

• Shared techniques2

  OneNote .one attachment → embedded payload → C2

  OneNote .one file with a friendly 'Double-click to view' overlay hides an embedded HTA / VBS / EXE. Effective initial access vector after Microsoft blocked internet macros in 2022.

• Shared techniques2

  Permissive SPF / DMARC p=none → CEO impersonation BEC

  Target publishes SPF ~all and DMARC p=none. Send mail from attacker IP with a forged From: <ceo@target.com>; gateway delivers as-is. Combine with display-name spoof for a credible BEC.