Time for a break from the AppLocker case study to blog about this issue, since I found it very interesting. This issue was actually discovered by me and a customer of mine by coincidence. The issue has been run through Microsoft Security Response Center (MSRC) and they concluded that this can be fixed with a … Continue reading Office 365 Safe links bypass
Tag: Outlook
Defense-In-Depth write-up
TL;DR: .BGI files can be sent by mail as an attachment and can execute code when opened. Requires that BGinfo.exe has been run on the remote machine once. It will also bypass Outlook attachment protection (fixed with the Defense-in-depth patch from September 2017). PowerShell functions to generate BGI and VBSWebMeter here: https://github.com/api0cradle/BGInfo I was acknowledged on … Continue reading Defense-In-Depth write-up