losacandy.blogg.se

Create chm file

In real life, threat actors will put a lot more effort into making this look legitimate, so that users click through any additional security warnings they may receive. For ease of example, in this article I will be using a very basic one made from scratch. This means we can create a new help file from scratch or simply edit an existing one. .chm files are basically Windows help files that pop up if you use the help function while using various programs. (See here.) This file can then be run and will execute programs, grab files, exfiltrate data, really whatever you code it to do.

chm files

As mentioned, there are some tools out there that you can use to create chm files, but the simple way is to open Notepad, create your file and then name it, and there you have it: your ready-to-go chm file. This should obviously only ever be done on computers you own or have express permission to attack.

Programs exist to do this online, but I will be doing it manually. hta files as droppers in order to import and execute malicious files onto a system. This is by no means a new tactic, but it is something I didn’t usually look at too much, so I decided to have an explore.

When looking at this article, I was reading about a spearphishing campaign conducted by APT41 using compressed HTML files (.chm). I like to read articles on current tactics used by Advanced Persistent Threat (APT) groups. This one won’t be an HTB write-up though, more a summary of a recent bit of study I undertook.

Now I have internet again I can catch up with the postings I have missed over the last few weeks.










