Click to Enable Content
ATT&CK techniques detected
T1041Exfiltration Over C2 Channel
80%
“click to enable content click to enable content advisory : the techniques and tools referenced within this blog post may be outdated and do not apply to current situations. however, there is still potential for this blog entry to be used as an opportunity to learn and to possibly…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1204User Execution
50%
“automatically when the file is opened but powerpoint does not. i have heard and read about hacks to accomplish the same in powerpoint but, in this case, we will simply use custom actions in the presentation to trigger execution of the code when the user clicks inside the slidesho…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1204.002Malicious File
39%
“automatically when the file is opened but powerpoint does not. i have heard and read about hacks to accomplish the same in powerpoint but, in this case, we will simply use custom actions in the presentation to trigger execution of the code when the user clicks inside the slidesho…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Sally Vandeven // Evading anti-virus scanners has become a bit of a sport around BHIS. When we do C2 testing for our customers we start with a host on the […]
The post Click to Enable Content appeared first on Black Hills Information Security, Inc..