Windows oneliners to download remote payload and execute arbitrary code

In the wake of the recent buzz and trend in using DDE for executing arbitrary command lines and eventually compromising a system, I asked myself « what are the coolest command lines an attacker could use besides the famous powershell oneliner » ?

Lire la suite

Using WebDAV features as a covert channel

I’ve recently been looking into a fancy covert channel, targeting Windows familly operating systems, for either:

  • deliver various malicious payloads (shellcode, binaries, scripts, whatever…)
  • use it as a C2 communication channel

This is what this blog post is all about. Let’s dig into it.

Lire la suite