https://medium.com/@reegun/unsanitized-file-validation-leads-to-malicious-payload-download-via-office-binaries-202d02db7191
#Microsoft Office binaries #winword #excel #powerpnt added to #lolbas || #lolbin
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winword/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Powerpnt/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Excel/
Medium
Unsanitized file validation leads to Malicious payload download via Office binaries.
As a part of finding vulnerable endpoints to improve defence, I used to reckon legitimate binaries on any chance of masking for payload…
SettingSyncHost.exe as a LolBin
http://hexacorn.com/blog/2020/02/02/settingsynchost-exe-as-a-lolbin/
#LOLBIN
cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo
Stay positive Lolbins... not!
http://hexacorn.com/blog/2020/02/05/stay-positive-lolbins-not/
#LOLBIN
rundll32 advpack.dll, RegisterOCX calc.exe
rundll32 advpack.dll, #12 calc.exe
rundll32 advpack.dll, #+12 calc.exe
rundll32 advpack.dll, #-4294967284 calc.exe