Discover and read the best of Twitter Threads about #probablyinteresting

Most recents (1)

@Hexacorn @cglyer @HackingDave @DerbyCon This was a technique largely outside of my typical purview - thanks for the context @Hexacorn!

Here are some rules 📏 & in-the-wild history 📆 to share for .url persistence.

Rules: gist.github.com/itsreallynick/… (CC @cyb3rops)

A quick history on the two kinds of .URL files so far...
@Hexacorn @cglyer @HackingDave @DerbyCon @cyb3rops @QW5kcmV3 The reason for the two rules are the options
URL=file:///<local file>
*and*
URL=file://<remote resource URL>

I liked the second one more
As with all Windows scripting techniques, there are no doubt creative launch methods to replace "file://" here that are worth exploring 🤔
@Hexacorn @cglyer @HackingDave @DerbyCon @cyb3rops @QW5kcmV3 Quick history time!
(I didn't undertake a retrohunt, basing this on info at-hand)

🔍URL=file:///<local file>

At some point in ~2017 "local" .url persistence was added to commercial backdoors
Example 2017-05-03 06:07:14 (.iso dropper) virustotal.com/gui/file/8b9da…
...
Read 11 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!