Friday, February 3, 2023

I Can Name That Exploit in One Note

 Another New Day and Another New Way...


By Dominic Alvieri
February 3rd, 2023

The Cyber Show, by Dominic Alvieri.


Do your steganographic skills suck? Never fear, 2023 is here. I guess I wasted years practicing the dark art of stego, now with so many new ways to discreetly infect, compromise and take over your target.

How? Hiding your malicious file in an empty element is one way recently disclosed by researchers. Needless to say, there are several other ways to play around with elements.





Another popular choice... embedding a malicious file within OneNote.


One Note.

You can't hard code all of your website. It's just not practical. Now that Microsoft has disabled macros, threat actors are finding new ways to infiltrate networks. OneNote has taken center stage and Microsoft Visual Studio just joined the fray.

Here is a short list of files to closely examine or block that are being abused by threat actors (TAs):

.msha
.htm
.lnk
.js

You can do this with many different file types and in many different ways.

I'll leave you with this partial...
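The following added example (not from the original post) shows one way to examine a OneNote section file for embedded files: it locates FileDataStoreObject records by the header GUID defined in Microsoft's MS-ONESTORE specification and labels each payload by content. The function names, the classification heuristics and the sample bytes are assumptions constructed for illustration.

```python
import struct
import uuid

# GUIDs from the MS-ONESTORE specification, in on-disk (little-endian) order.
ONE_FILE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le

def classify(blob: bytes) -> str:
    """Heuristic label for .lnk, .htm and .js from the list (assumed rules)."""
    head = blob[:512].lower()
    # Shell link: HeaderSize 0x4C followed by the LinkCLSID.
    if blob[:4] == b"\x4c\x00\x00\x00" and blob[4:8] == b"\x01\x14\x02\x00":
        return ".lnk"
    if b"<html" in head or b"<script" in head:
        return ".htm"
    if b"wscript." in head or b"activexobject" in head:
        return ".js"
    return "unknown"

def embedded_files(data: bytes):
    """Yield (offset, payload) for each FileDataStoreObject in the file."""
    pos = data.find(FDSO_HEADER)
    while pos != -1 and pos + 36 <= len(data):
        # Layout: guidHeader(16) cbLength(8) unused(4) reserved(8) FileData
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        start = pos + 36
        if size <= len(data) - start:  # ignore truncated or bogus lengths
            yield pos, data[start:start + size]
        pos = data.find(FDSO_HEADER, pos + 16)

def triage(data: bytes):
    """Return [(offset, size, label)], or None if not a .one section file."""
    if data[:16] != ONE_FILE_MAGIC:
        return None
    return [(off, len(p), classify(p)) for off, p in embedded_files(data)]

def _fdso(payload: bytes) -> bytes:  # builds a constructed test record
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + bytes(12) + payload

# Constructed sample: a fake .one header plus two harmless embedded objects.
SAMPLE = (ONE_FILE_MAGIC + bytes(64)
          + _fdso(b"\x4c\x00\x00\x00\x01\x14\x02\x00" + bytes(68))
          + bytes(8)
          + _fdso(b"<html><script>/* constructed */</script></html>"))

if __name__ == "__main__":
    for off, size, kind in triage(SAMPLE):
        print(f"offset={off:#x} size={size} looks_like={kind}")
```

A non-empty result for a file arriving by email or download is a reason to inspect the extracted payloads before anyone opens the notebook.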

c:\ encrypt files
\"what?"\ attrib -h (?) -r  ("nice-try")

Redacted



 
