Weirdest Bug Bounty – Getting PII from Office365

I'm confused about the ntlm hashes - so it sounds like there is some service that contacts the auto-generated guid domain and sends legit SMB traffic to it? That seems really odd? I'd be curious to hear more about that.

Wow. That’s textbook bad engineering. Could’ve done guid.nonexistanttld but they just had to do guid.com!