TL;DR: BGinfo.exe older than version 4.22 can be used to bypass application whitelisting using VBScript inside a .bgi file. This can run directly from a WebDAV server. UPDATE: 22.05.2017 AppLocker is still vulnerable with Bginfo 4.22. A blog post about that here: https://msitpros.com/?p=3860 UPDATE: 19.06.2017 Microsoft has thanked me in their documentation for this finding. The […]
Posts in category Penetration testing
Creating Phishing bait with PowerShell
This post is all about how I created a PowerShell script to automate the process of generating USB sticks used in a social engineering attack. The goal of the attack was to measure whether the employees inserted the USB sticks and opened any documents. It was not a goal to exploit the users. The Manual way So […]
Compliance search – a pentesters dream
After watching «The Advanced Persistent Pentester (All Your Networks Are Belong 2 Us)» (http://www.irongeek.com/i.php?page=videos/derbycon6/416-the-advanced-persistent-pentester-all-your-networks-are-belong-2-us-beau-bullock-derek-banks-joff-thyer) and especially the release of MailSniper, I was inspired to write about another method that I use to get access to all data within mailboxes and SharePoint sites during pentests. This feature is often overlooked by pentesters, and it is […]
New macro security setting in Office 2016
Microsoft has announced (https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/) that there is a new group policy setting in macro security that blocks macros in files that arrive from the Internet. If there is one setting you should implement in your organization, it is this one. This setting will make attacks through email attachments much harder. Microsoft’s Office 365 Advanced Threat […]
How to enable RDP in Kali Linux
Say what? This is probably well known by people who know Linux a little better than average. I often have Kali Linux running on Hyper-V, and I often struggle with the screen resolution when using the native Hyper-V console. After a little research I found out that I can install xrdp on the Kali machine and be able […]