One Day Sec

How can an attacker verify a user's mailbox password through Exchange ActiveSync?

An attacker can verify a username and password pair by sending an OPTIONS request to the default EAS endpoint (`/Microsoft-Server-ActiveSync`) with HTTP Basic Authentication. If the credentials are valid, the server answers with HTTP status 200. This check is typically the first step in a broader attack, such as accessing internal file shares. The article provides Python code that automates the check, which is also the foundational step in the PEAS tool.
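A defender-side counterpart to the probe just described, as an added example that is not from the article or from PEAS: it scans IIS W3C log lines for Basic-auth failures against the EAS path from one client and notes any success that follows. The log lines and the column layout are constructed; the `min_failed_users` threshold is an assumed tuning value.

```python
"""Spot the EAS credential probe described above in IIS W3C logs.
Added example, not code from the article or from PEAS; the log lines below are
constructed and the column names follow IIS's W3C format."""
from collections import defaultdict

EAS_PATH = "/microsoft-server-activesync"

# Constructed sample: 203.0.113.5 tries several accounts over Basic auth and
# finally gets a 200; 198.51.100.7 is an ordinary phone (challenge 401, then sync).
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-01-10 08:00:01 OPTIONS /Microsoft-Server-ActiveSync - - 203.0.113.5 401
2024-01-10 08:00:02 OPTIONS /Microsoft-Server-ActiveSync - alice@corp.example 203.0.113.5 401
2024-01-10 08:00:03 OPTIONS /Microsoft-Server-ActiveSync - bob@corp.example 203.0.113.5 401
2024-01-10 08:00:04 OPTIONS /Microsoft-Server-ActiveSync - carol@corp.example 203.0.113.5 401
2024-01-10 08:00:05 OPTIONS /Microsoft-Server-ActiveSync - dave@corp.example 203.0.113.5 200
2024-01-10 08:00:06 OPTIONS /Microsoft-Server-ActiveSync - - 198.51.100.7 401
2024-01-10 08:00:07 OPTIONS /Microsoft-Server-ActiveSync - erin@corp.example 198.51.100.7 200
2024-01-10 08:00:08 POST /Microsoft-Server-ActiveSync Cmd=Sync erin@corp.example 198.51.100.7 200
"""

def parse_iis(text):
    """Yield one dict per log record; the #Fields header names the columns."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def detect_eas_spraying(text, min_failed_users=3):
    """Return {client_ip: finding} for clients whose Basic-auth attempts against
    the EAS path fail for several distinct usernames; a later 200 from the same
    client is recorded as the account whose password was verified."""
    failed = defaultdict(set)    # c-ip -> usernames that drew a 401
    verified = defaultdict(set)  # c-ip -> usernames that drew a 200 after failures
    for r in parse_iis(text):
        if r["cs-uri-stem"].lower() != EAS_PATH or r["cs-username"] == "-":
            continue  # other paths, or the unauthenticated challenge round trip
        ip, user = r["c-ip"], r["cs-username"]
        if r["sc-status"] == "401":
            failed[ip].add(user)
        elif r["sc-status"] == "200" and failed[ip]:
            verified[ip].add(user)
    return {ip: {"failed_users": sorted(users), "verified_after_failures": sorted(verified[ip])}
            for ip, users in failed.items() if len(users) >= min_failed_users}
```

The anonymous 401 that Basic auth produces before the client retries with credentials is skipped, so a normal device syncing does not trip the rule.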
Tags: password verification, OPTIONS method, HTTP Basic Authentication, credential bruteforce, Exchange ActiveSync