
Neon White Rabbit [@NeonWhiteRabbit](/creator/twitter/NeonWhiteRabbit) on X, 9140 followers
Created: 2025-07-18 01:32:34 UTC

The research hasn't been posted yet, but to those not in Security, I'll explain what's happening from the limited information I see prior to the research being posted (based on previous work I've done). I'll try to be as high level as possible.

When an organization has Microsoft Teams, it comes default or 'out-of-the-box' with a feature that enables people from outside organizations (or hackers) to be able to message you as if they are in your organization.

Lots of things in products can be a security issue (Example: like default credentials/admin credentials that need to be changed or anyone who has access to the login can associate the product/version and get in with default credentials after looking them up).

Since Teams is used internally at lots of organizations, it is something that many users believe is locked down just to their org. What this means is that if you are able to do some OSINT research (ex: LinkedIn) on the organization and target specific roles within the company, you can message them (and act as if you're within the organization, or even IMPERSONATING someone else in the organization.)

This is a GOLDMINE for SOCIAL ENGINEERING, which is the most common way to get into computers/networks.

One Scenario I would use:

If I, as an attacker, wanted to get into an organization's network, I would be able to do research on who to target, who I would pretend to be, and have them either take actions (malicious financial) themselves -- based on them thinking I was their boss, OR I could send them a link to a document that would have malware I created inside. Once they load the file (in this case let's say a Word/PDF with a payload inside), that gives me user access to their computer.

I would then go from there deciding on what I wanted to do -- which could be a range of things, but you get the point.



[Post Link](https://x.com/NeonWhiteRabbit/status/1946020236500812013)
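For defenders, an added example (not part of the original post) of reviewing the tenant settings that control who outside the organization can message Teams users. It assumes the feature described is Teams external access (federation) and uses the MicrosoftTeams PowerShell module; the function name, the sample object and `partner.example` are illustrative.

```powershell
# Added example, not from the post: review Teams external-access settings.
# Get-TeamsExternalAccessFindings is a hypothetical helper name.
function Get-TeamsExternalAccessFindings {
    param([Parameter(Mandatory)] $Config)  # object shaped like Get-CsTenantFederationConfiguration output

    $checks = [ordered]@{
        AllowFederatedUsers       = 'Users in other Teams organizations can chat with your users'
        AllowTeamsConsumer        = 'Your users can chat with personal (unmanaged) Teams accounts'
        AllowTeamsConsumerInbound = 'Personal (unmanaged) Teams accounts can start chats with your users'
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Setting = $name
            Enabled = [bool]$Config.$name
            Meaning = $checks[$name]
        }
    }
}

# Constructed sample mirroring the open state the post describes, so this runs offline.
$sample = [pscustomobject]@{
    AllowFederatedUsers       = $true
    AllowTeamsConsumer        = $true
    AllowTeamsConsumerInbound = $true
}
Get-TeamsExternalAccessFindings -Config $sample | Format-Table -AutoSize

# Against a real tenant (requires a Teams administrator session):
# Import-Module MicrosoftTeams; Connect-MicrosoftTeams
# $cfg = Get-CsTenantFederationConfiguration
# Get-TeamsExternalAccessFindings -Config $cfg | Format-Table -AutoSize
# $cfg | Select-Object AllowedDomains, BlockedDomains | Format-List

# Hardening option 1: turn external access off entirely.
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $false

# Hardening option 2: keep it, but only for named partner domains
# (partner.example is a placeholder).
# $allow = New-Object Collections.Generic.List[String]
# $allow.Add('partner.example')
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $allow

# Stop personal Teams accounts from starting chats with your users.
# Set-CsTenantFederationConfiguration -AllowTeamsConsumerInbound $false
```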
