Week 21 In Review – 2017

Events Related

Resources

Techniques

  • Bypassing Application Whitelisting with BGInfo – msitpros.com
    To bypass application whitelisting with BGInfo, you must first create a VBScript file that you want to execute. This can either be saved to disk on the system where you want to run the script, or you could serve it through a WebDAV server from the internet.

Vendor/Software Patches

  • 0patching the “Worst Windows Remote Code Execution Bug in Recent Memory” CVE-2017-0290 – 0patch.blogspot.de
    Natalie Silvanovich and Tavis Ormandy of Google Project Zero found a pretty nasty bug in Microsoft Malware Protection Engine, allowing an attacker to execute arbitrary code as LocalSystem on any Windows computer running any Microsoft anti-malware product such as Security Essentials or Windows Defender by simply having that computer access a malicious file.

Vulnerabilities

  • Don’t tell people to turn off Windows Update, just don’t – www.troyhunt.com
    When you position this article from a year ago next to the hundreds of thousands of machines that have just had their files encrypted, it’s hard to conclude that it in any way constitutes good advice. I had the author of this post ping me and suggest that people should just manually update their things if they disabled Windows Update.

Other News

  • Gizmodo went phishing with the Trump team—will they catch a charge? – arstechnica.com
    Earlier this week, the team at Gizmodo’s Special Projects Desk published a report on how they “phished” members of the administration and campaign teams of President Donald Trump. Gizmodo identified 15 prominent figures on Trump’s team and sent e-mails to each posing as friends, family members, or associates containing a faked Google Docs link.