Website
onenoteonlinesync.onenote.com
Phishing
Attackers can insert an attachment on a OneNote Notebook and then use the attachment's direct download link to phish users.
Exfiltration
Attackers can insert files they wish to exfiltrate on a OneNote Notebook and send the direct download link to themselves. This method is not ideal for large files due to the file size restriction in place.
Download
Attackers can insert an attachment on a OneNote Notebook and then use the attachment's download link to directly download the file.
Created: 2021-12-26
Last Update: 2021-12-26
Credits: mr.d0x