TL;DR BGinfo.exe older than version 4.22 can be used to bypass application whitelisting using vbscript inside a bgi file. This can run directly from a webdav server. UPDATE: 22.05.2017 AppLocker is still vulnerable with Bginfo 4.22. A blogpost about that here: https://msitpros.com/?p=3860 My main inspiration for finding this bypass technique comes from Matt Graeber (@mattifestation) […]
I must say that NIC 2017 was an awesome event and I meet a lot of great people. Thanks to all the people working for NIC that made this such a great event. During my presentation, I did not get enough time to show all the things I wanted to (damn you demo gods), and […]
I received a lot of positive feedback on my previous post on accessing the clipboard from the lock screen using the wireless password field. https://msitpros.com/?p=3746 Just out of curiosity I tried other combinations on doing the same thing, and I found out another cool trick to do the same using the Narrator feature in Windows. […]
I discovered something interesting that I wanted to be shared with the rest of the world. Before you read any further, I want you to know that I did send an email to MSRC (Microsoft Security Response Center) about this. The answer I got was this: <quote>«In general, MSRC does not consider issues that require […]
This post is all about how I created a PowerShell script to automate the process of generating USB sticks used in a Social engineering attack. The goal with the attack was to measure if the employees inserted the USB sticks and opened any documents. It was not a goal to exploit the users. The Manual way So […]
I often end up in discussions where I point out that UAC bypass is a common thing and that UAC is not a very good security boundary if it is left default. Truth be told that if you change the default UAC setting from «Notify me only when apps try to make changes to my […]
This is probably something that many already knows and there are probably other and better blogposts about this, but I thought that it is important to refresh old knowledge. In Skype it is possible to send links in an IM chat and that’s great. A problem with that is that it can be used for […]
Got a friend that received the following mail 8 or 9 times in his inbox and he wondered if I would take a look at it. How can I say no? The mail looked like this: It has been some time since I last reversed something so I taught it would be fun just to […]
I thought I would write this blogpost to describe what I think is best practices in terms of installation of Microsoft Advanced Threat Analytics. The product is meant to reveal advanced attacks in your infrastructure. It is therefore important to understand that you should assume breach when installing this product. This could be a little […]
Since Digicert.com provides free certificates to MVPs, we have added a SSL certificate to our blog and switched to HTTPS on all our traffic. Thank you so much Digicert. This will make sure that all traffic to and from our blog is encrypted. Google has announced that they will use https as a ranking signal […]