TL;DR You can run a remote shell through ICMP. ICMP can be used for bad. Many customers have asked me this question many times, and in general ICMP (ICMP is a lot more than just ping, but is often referred to as ping for simplicity) is a nice thing to use to verify if … Continue reading Ping is okay? – Right?
Month: May 2017
Clarification – BGInfo 4.22 – AppLocker still vulnerable
Just wanted to do a quick follow-up on this bypass. Seems that BGInfo 4.22 still can be used to bypass AppLocker using the techniques I showed in my previous post. Meaning that if you use AppLocker as whitelisting solution I guess you must deny BGInfo.exe in order to prevent this bypass. Screenshots from an AppLocker … Continue reading Clarification – BGInfo 4.22 – AppLocker still vulnerable
Bypassing Application Whitelisting with BGInfo
TL;DR BGinfo.exe older than version 4.22 can be used to bypass application whitelisting using vbscript inside a bgi file. This can run directly from a webdav server. UPDATE: 22.05.2017 AppLocker is still vulnerable with Bginfo 4.22. A blogpost about that here: https://oddvar.moe/2017/05/22/clarification-bginfo-4-22-applocker-still-vulnerable/ UPDATE: 19.06.2017 Microsoft has thanked me in their documentation for this finding. The … Continue reading Bypassing Application Whitelisting with BGInfo
Oddvar Moe's Blog 