ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution

What is ClickOnce? ClickOnce is a “a Microsoft technology that enables the user to install and run a Windows-based smart client application by clicking a link in a web page” [Wikipedia].  Included as a component within the .NET Framework, ClickOnce allows a developer to create a web-enabled installer package for their (C#) Visual Studio project.  … Continue reading ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution

Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation

Introduction Active Directory (AD) Trusts have been a hot topic as of late.  @harmj0y posted a recent entry about domain trusts [A Guide to Attacking Domain Trusts].  It provides a great understanding of how AD trusts actually work, so be sure to check that out as a primer for this post. In this blog entry, … Continue reading Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation