Persistence using RunOnceEx – Hidden from Autoruns.exe

TL;DR - Found a technique to execute DLL files without being detected by autoruns.exe at logon. - Requires administrator rights and does not belong in userland. - Run this to Exploit: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "C:\temp\messageBox64.dll"   RunOnceEx I finally had some time to do some unstructured research. With unstructured research I mean going after … Continue reading Persistence using RunOnceEx – Hidden from Autoruns.exe

My experience with IT DEV CONNECTIONS 2017 and demo videos

Earlier this year I submitted three sessions to the IT DEV CONNECTIONS conference and to my big surprise all of them was accepted. I was hoping that at least one of them was accepted, but all three was, and that is just incredible. I must admit at first that I was a bit scared, since … Continue reading My experience with IT DEV CONNECTIONS 2017 and demo videos

Accessing clipboard from the lock screen in Windows 10 #2

#UPDATE# This issue is fixed in the Windows 10 1803 versions and newer.   I received a lot of positive feedback on my previous post on accessing the clipboard from the lock screen using the wireless password field. Just out of curiosity I tried other combinations on doing the same thing, and I found out … Continue reading Accessing clipboard from the lock screen in Windows 10 #2

Accessing clipboard from the lock screen in Windows 10

#UPDATE# This issue is fixed in the Windows 10 1803 versions and newer.   I discovered something interesting that I wanted to be shared with the rest of the world. Before you read any further, I want you to know that I did send an email to MSRC (Microsoft Security Response Center) about this. The … Continue reading Accessing clipboard from the lock screen in Windows 10