> To create this reverse shell, the attacker must first convince a user to install a malicious stager that executes commands, and uploads command output via a GIF URL to a Microsoft Teams web hook.

This, to me, makes the rest rather pointless: if you convince a user to install malicious software on their machine, you could not use Teams at all, other than the traffic won't likely be caught.

> Microsoft did not consider the ability of external attackers to bypass security controls and send attachments to another tenant

This is a default-allowed feature, but it can be turned off in the admin console; not only that, but you can turn on federation, which does check the origin of the messages.