New Pen Test Tool Tricks Targets with Microsoft WCX Files

guest · Aug 30, 2018

New Pen Test Tool Tricks Targets with Microsoft WCX Files
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
August 30, 2018
https://www.darkreading.com/endpoin...rgets-with-microsoft-wcx-files/d/d-id/1332706

Firework is a Python-based tool designed to find weak spots in enterprise security practices, and address the issue of social engineering tactics in corporate network breaches. It leverages these techniques to get targets to open a WCX file, which can be used to configure a Microsoft Workplace on a system and grant an attacker remote access.

Once the target opens the file, the tool links to Firework, gathers credentials (including password hashes), and offers resources that were set up in the file, such as links to potentially malicious Office documents or a remote desktop environment that the pen tester controls.

Read more details here.
Click to expand...

Log in or Sign up

New Pen Test Tool Tricks Targets with Microsoft WCX Files

guest Guest

Log in or Sign up

New Pen Test Tool Tricks Targets with Microsoft WCX Files

guest Guest

Useful Searches