Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

ClickOnce Exploitation: One-Click Network Foothold - AppSec California 2016

OWASP Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security implications of ClickOnce deployment technology in this AppSec California 2016 conference talk. Discover how ClickOnce, a fast and easy software deployment solution, can be exploited by malicious actors to gain a foothold in networks. Learn about a new methodology combining ClickOnce technology with phishing techniques to establish an initial presence in an environment with minimal user interaction. Gain insights into the "one click" approach that allows attackers to pivot and escalate their access. Delve into topics such as certificate signing, trust architecture, PowerShell, Veil evasion, and command and control setup. Watch a live demo showcasing the creation of a malicious ClickOnce application using Visual Studio, and understand preventive measures like registry settings and Smart Screen. This 40-minute presentation by Ryan Gandrud, a senior security consultant at NetSPI, offers valuable knowledge for cybersecurity professionals and IT administrators concerned with secure software deployment.

Syllabus

Intro
Who is Ryan
Agenda
Certificate Signing
Trust Architecture
Microsoft Quote
Why Did I Use ClickOnce
Powershell
Veil Evasion
Bail
Foot Bones
Server Setup
Command and Control
Cleanup
Demo
Visual Studio
Code
Target Framework
Full Trust Application
Application Files
Publishing Files
Hero
Login Page
Invalid Password
Security Prompt
Unknown Publisher
Run App
Preventive Measures
Registry Settings
Smart Screen
Smart Screen Flow Chart
Why Use Science Executable

Taught by

OWASP Foundation

Reviews

Start your review of ClickOnce Exploitation: One-Click Network Foothold - AppSec California 2016

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.