SANS ISC Diary - Using Shell Links as zero-touch downloaders and to initiate network connections

24-06-2020 / In categories SANS ISC, News, 2020

LNK, Microsoft, SANS, Windows

Translation: CS

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a weakness handling of LNK files in Windows, through which one may force the OS to download an arbitrary file from a remote server any time the shortcut file is displayed.