![]() ![]() Mshta.exe can also be used to bypass application whitelisting defenses and browser security settings. To start, it is a signed, native Microsoft binary that already exists on Windows that can execute code in a variety of ways, and in today’s living off the land culture that attackers love, this makes it a prime application of interest since code execution can be proxied through it. It is a tool so flexible it even has its own cell on the MITRE ATT&CK matrix. ![]() hta files or its partner in crime, mshta.exe, is an alternative to using macro enabled document for attacks and has been around a long time. There is a growing trend for attackers to more heavily utilize tools that already exist on a system rather than relying totally on their own custom malware. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |