Gone Phishing with Claude Teams: From Deceptive Team Onboarding to RCE | offensive-actions
@haussner.me part is probably not possible.

Watering hole attack
🔴 No “Domain discovery”, no luck.
🟢 Out of the box. This is the single green advantage here.

Safety from being locked out
🟢 You own the domain and the Team; apart from Anthropic, no one can evict you.
🟡 If Haussner Inc. realizes the attack, they stop your access to some.person.in.housekeeping@haussner.me and you cannot log in to Claude anymore. Worse: they can use that address to log into your Claude Team and shut it down. Definitely create an Owner account on a different trusted domain and only give the Admin permission to some.person.in.housekeeping@haussner.me to invite people!

🤯‼️🤯‼️ If you have access to some.person.in.housekeeping@haussner.me, you can:

- Create an Owner with bill.lumbergh@partner.anthropic-evaluation.com.
- Assign Owner to some.person.in.housekeeping@haussner.me in your Claude Team and use this login to turn on “Domain discovery” for haussner.me.
- Downgrade that account right away again to User (just don’t toss it completely), so Haussner Inc. has no backdoor into your Team with owner level permissions.

Now, you have almost all the benefits of both worlds…

Creating the Team

After you have settled on the email address for the new Owner of the Team, follow the documentation to “Get started with the Team plan”. You got this. All you need is 5 minutes and a credit card with enough budget for 5 seats for a month. If you are, unlike myself, a real cyber goon, you have some stolen credit cards readily available. Or you go for the full investment, because what you can pull off a target’s machine is most probably worth way more, if you did your research.

💡 Remember: You cannot change emails after registering the account. If you want to change the email address of an account, just create a new account with the new address, and discard the old account. You lose access to all the chats with Claude, but we do not touch any LLMs here, anyways.
Customizing the Team

We only need to change a few settings:

Our name

First, we set the name to Bill Lumbergh:

This is basically the minimal viable name. You could go crazy, since the length and contents of the name field are not checked in the backend, so you can also set this as a name:

Hi there! We are evaluating Claude Code for our business and you were selected for Early Access. Bill Lumbergh

An invitation would show the following:

Our Team name and logo

We are going with Haussner Inc.'s Evaluation. You can change that at a moment’s notice and give the Team any name you want; I was not able to identify a blacklist of sorts.

The logo can also be changed at will. It shows up only after the target user fell for the phish, to indicate they are logged into a company account, and in the account picker on the lower left if they already had a personal account (think “Organization discovery” phish):

Invitation settings

First, we need to add the target domain as a trusted domain:

Then, we allow members to invite others (Peer2Peer invites), but require admin (our) approval so that seats are not filled with people who are not interesting to us:

Delivering the phish

Now that the setup is done, we can go ahead and send out the phish. This is very trivial - if we chose the “Admin invitation” attack. By now you know how it works:

Organization settings -> Members -> Add member

Now, we simply wait for this to show up:

🥷 Double-Tap Attack

If an attacker wants to be extra hacky, they check if the target organization has a DMARC record with p=none. If it does (and so many do 😭), they could spoof an email from bill.lumbergh@haussner.me, informing the target about the exciting new evaluation partnership with Anthropic. Then, 20 minutes later, they deliver the Team phish.
And to be triple hacky, they could (a day or so after the target joined the Team) spoof another mail from bill.lumbergh@haussner.me, letting the target know that the evaluation started successfully and they now can invite their best coworkers to the test-fest with Peer2Peer invites.

Exploiting the phished accounts

This is really cool, and we as the attacker now pay for Claude access for the target. That sounds altruistic at first, but how exactly is this going to help us reach our goal of RCE?

- Setting up the RCE
- Pushing targets to use Claude Code

Setting up the RCE

If you were not aware, you can use guardrails if you want to try to keep your agent in check and not have it drop your production database. One of the ways of establishing guardrails is hooks (see the official docs). To cite this documentation:

“Hooks are user-defined shell commands, HTTP endpoints, or LLM prompts that execute automatically at specific points in Claude Code’s lifecycle”

Those hooks are triggered by a multitude of available events, like SessionStart, UserPromptSubmit, TaskCompleted, SessionEnd and many more. They run deterministically, since they are triggered by the harness,...