Discover and read the best of Twitter Threads about #probablyinteresting
Most recents (1)
@Hexacorn @cglyer @HackingDave @DerbyCon This was a technique largely outside of my typical purview - thanks for the context @Hexacorn!
Here are some rules 📏 & in-the-wild history 📆 to share for .url persistence.
Rules: gist.github.com/itsreallynick/… (CC @cyb3rops)
A quick history on the two kinds of .URL files so far...
Here are some rules 📏 & in-the-wild history 📆 to share for .url persistence.
Rules: gist.github.com/itsreallynick/… (CC @cyb3rops)
A quick history on the two kinds of .URL files so far...
@Hexacorn @cglyer @HackingDave @DerbyCon @cyb3rops @QW5kcmV3 The reason for the two rules are the options
URL=file:///<local file>
*and*
URL=file://<remote resource URL>
I liked the second one more
As with all Windows scripting techniques, there are no doubt creative launch methods to replace "file://" here that are worth exploring 🤔
URL=file:///<local file>
*and*
URL=file://<remote resource URL>
I liked the second one more
As with all Windows scripting techniques, there are no doubt creative launch methods to replace "file://" here that are worth exploring 🤔
@Hexacorn @cglyer @HackingDave @DerbyCon @cyb3rops @QW5kcmV3 Quick history time!
(I didn't undertake a retrohunt, basing this on info at-hand)
🔍URL=file:///<local file>
At some point in ~2017 "local" .url persistence was added to commercial backdoors
Example 2017-05-03 06:07:14 (.iso dropper) virustotal.com/gui/file/8b9da…
...
(I didn't undertake a retrohunt, basing this on info at-hand)
🔍URL=file:///<local file>
At some point in ~2017 "local" .url persistence was added to commercial backdoors
Example 2017-05-03 06:07:14 (.iso dropper) virustotal.com/gui/file/8b9da…
...
