A reverse proxy could also be leveraged to modify API responses and impersonate any MS Teams user towards the victim. When we tried to craft a valid payload in order to inject those arguments we had to overcome two more hurdles: As a fix for the critical CVE-2018-1000006, Electron changed...