Black & White Path

Apr 7, 2026 · Information Security

How Attackers Exploit Outlook 365 to Force Capture of NTLM Hashes

Security researchers reveal that by embedding malicious UNC paths in specially crafted Outlook 365 emails or meeting invites, attackers can trigger automatic SMB authentication, steal the victim’s Net‑NTLMv2 hash, and subsequently perform offline cracking or NTLM relay attacks, posing a high‑stealth threat to enterprises.