Overview
Explore the security implications of ClickOnce deployment technology in this AppSec California 2016 conference talk. Discover how ClickOnce, a fast and easy software deployment solution, can be exploited by malicious actors to gain a foothold in networks. Learn about a new methodology combining ClickOnce technology with phishing techniques to establish an initial presence in an environment with minimal user interaction. Gain insights into the "one click" approach that allows attackers to pivot and escalate their access. Delve into topics such as certificate signing, trust architecture, PowerShell, Veil-Evasion, and command and control setup. Watch a live demo showcasing the creation of a malicious ClickOnce application using Visual Studio, and understand preventive measures like registry settings and SmartScreen. This 40-minute presentation by Ryan Gandrud, a senior security consultant at NetSPI, offers valuable knowledge for cybersecurity professionals and IT administrators concerned with secure software deployment.
Syllabus
Intro
Who is Ryan
Agenda
Certificate Signing
Trust Architecture
Microsoft Quote
Why Did I Use ClickOnce
PowerShell
Veil-Evasion
Bail
Foot Bones
Server Setup
Command and Control
Cleanup
Demo
Visual Studio
Code
Target Framework
Full Trust Application
Application Files
Publishing Files
Hero
Login Page
Invalid Password
Security Prompt
Unknown Publisher
Run App
Preventive Measures
Registry Settings
SmartScreen
SmartScreen Flow Chart
Why Use Science Executable
Taught by
OWASP Foundation