Skip to main content
DEF CON 30 - Nick Powers, Steven Flores – ClickOnce AbUse for Trusted Code Execution
Initial access payloads have historically had limited methods that work seamlessly in phishing campaigns and can maintain a level of evasion. This payload category has been dominated by Microsoft Office types, but as recent news has shown, the lifespan of even this technique is shortening. A vehicle for payload delivery that has been greatly overlooked for initial access is ClickOnce. ClickOnce is very versatile and has a lot of opportunities for maintaining a level of evasion and obfuscation. In this talk we’ll cover methods of bypassing Windows controls such as SmartScreen, application whitelisting, and trusted code abuses with ClickOnce applications. Additionally, we’ll discuss methods of turning regular signed or high reputation .NET assemblies into weaponized ClickOnce deployments. This will result in circumvention of common security controls and extend the value of ClickOnce in the offensive use case. Finally, we’ll discuss delivery mechanisms to increase the overall legitimacy of ClickOnce application deployment in phishing campaigns. This talk can bring to attention the power of ClickOnce applications and code execution techniques that are not commonly used.
Hello and welcome to the temple of cybersecurity. Now you are watching DEF CON 30 - Nick Powers, Steven Flores – ClickOnce AbUse for Trusted Code Execution published at October 20, 2022 at 02:39PM.
For more hacking info and free hacking tutorials visit: https://ift.tt/a0WuFiK
follow us on:
Youtube: https://www.youtube.com/channel/UCiu1SUqoBRbnClQ5Zh9-0hQ/
Whatsapp: https://ift.tt/IUvjYTr
Reddit: https://ift.tt/kdgqKhD
Telegram: https://ift.tt/bQKvCq7
NFT store: https://mintable.app/u/cha0smagick
Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/wKuknQA
Ignore tags:
#hacking,#infosec,#tutorial,#bugbounty,#threat,#hunting,#pentest,#hacked,#ethical,#hacker,#cyber,#learn,#security,#computer,#pc,#news
Comments
Post a Comment