ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution
0
Free
ClickOnce is a Microsoft technology that enables the user to install and run a Windows-based smart client application by clicking a link in a web page. With a little bit of C# coding knowledge, a red teamer or penetration tester has yet another capability to add to their ethical hacker toolkit. What are the requirements for operational use? To get started with ClickOnce, we need to do our homework and get a few things prepared: For social engineering campaigns, Microsoft web browsers (Edge/Internet Explorer) are required to invoke the ClickOnce installer. Additionally, target organizations must have the appropriate version of .NET Framework installed to launch the respective payload.
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.
A guide on basic Linux privilege escalation techniques including enumeration, data analysis, exploit customization, and trial and error.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
A script to enumerate Google Storage buckets and determine access and privilege escalation
Emulate offensive attack techniques in the cloud with a self-contained Go binary.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
Boofuzz is a network protocol fuzzing tool that aims to fuzz everything
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security